About cwarren4101

cwarren4101 · 03-17-2020

Good day everyone, to meet emerging requirements I am attempting to configure in a lab PKI login, via SSH, to Cisco IOS. I am using information from various Cisco sources but most are similar to the below. Test configuration is also below and PuttyCA...

cwarren4101 · 06-20-2018

Will probably open a TAC on this but wanted to ask first. Is ISE 2.3(0.298) affected by this vulnerability regardless on installed platform? And if yes is the only resolution path an "upgrade" to 2.4? The bug ID states version 2.3(0.298) is affecte...

cwarren4101 · 04-24-2018

Need much better documentation on what versions of IOS and IOS-XE are affected by this vulnerability. NIST CVE documentation below states multiple versions of IOS-XE are affected, however Cisco says a single version of IOS is affected. Who is accurat...

cwarren4101 · 04-01-2020

You would be correct regarding RFC6187 support in SSH. Digging around a little appears to show a "standards war" regarding the certificate format SSH should support. Wonderful. Need to think about this more now.

cwarren4101 · 03-31-2020

So the 891W router is running 159-3.M1 which is current for the device. SSH keys and the certificate are removed from the device (it was about to expire anyway.) What type of RSA key should be generated please? IOS offers encryption, general-keys, si...

cwarren4101 · 03-19-2020

Good day, sh ip ssh output is below. One issue here maybe is to get IOS to generate x509v3 SSH keys or to get them into IOS. But the procedures found so far require RSA keys to be generated on the device prior to requesting a certificate for said dev...

cwarren4101 · 03-18-2020

Apologies the following is present in the config. ip ssh server certificate profileservertrustpoint sign CAocsp-response includeusertrustpoint verify CA The goal here is to use x509v3-ssh-rsa not ssh-rsa. Unfortunately the URL you gave is out of date...

cwarren4101 · 06-12-2018

Adding to the above, I cannot find this bug ID anywhere in release notes except 6.1.0.6. The bug ID claims it is fixed in 6.2.2 and 6.2.3 but is not so documented in the release notes for those updates.

Member Since	‎12-08-2015 02:04 PM
Date Last Visited	‎03-03-2021 07:56 PM
Posts	12
Total Helpful Votes Received	20

User Statistics

User Activity

IOS SSH Configuration for PKI login, Putty still wants to use ssh-rsa not x509v3-ssh-rsa

CSCvh11308 - Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability

CSCva91655 - Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability

Re: IOS SSH Configuration for PKI login, Putty still wants to use ssh-rsa not x509v3-ssh-rsa

Re: IOS SSH Configuration for PKI login, Putty still wants to use ssh-rsa not x509v3-ssh-rsa

Re: IOS SSH Configuration for PKI login, Putty still wants to use ssh-rsa not x509v3-ssh-rsa

Re: IOS SSH Configuration for PKI login, Putty still wants to use ssh-rsa not x509v3-ssh-rsa

Re: CSCvg99327 - Cisco Firepower System Software Transport Level Security Denial of Service Vulnerability