Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Good day everyone, to meet emerging requirements I am attempting to configure in a lab PKI login, via SSH, to Cisco IOS. I am using information from various Cisco sources but most are similar to the below. Test configuration is also below and PuttyCA...
Will probably open a TAC on this but wanted to ask first. Is ISE 2.3(0.298) affected by this vulnerability regardless on installed platform? And if yes is the only resolution path an "upgrade" to 2.4?
The bug ID states version 2.3(0.298) is affecte...
Need much better documentation on what versions of IOS and IOS-XE are affected by this vulnerability. NIST CVE documentation below states multiple versions of IOS-XE are affected, however Cisco says a single version of IOS is affected. Who is accurat...
You would be correct regarding RFC6187 support in SSH. Digging around a little appears to show a "standards war" regarding the certificate format SSH should support. Wonderful. Need to think about this more now.
So the 891W router is running 159-3.M1 which is current for the device. SSH keys and the certificate are removed from the device (it was about to expire anyway.) What type of RSA key should be generated please? IOS offers encryption, general-keys, si...
Good day, sh ip ssh output is below. One issue here maybe is to get IOS to generate x509v3 SSH keys or to get them into IOS. But the procedures found so far require RSA keys to be generated on the device prior to requesting a certificate for said dev...
Apologies the following is present in the config. ip ssh server certificate profileservertrustpoint sign CAocsp-response includeusertrustpoint verify CA The goal here is to use x509v3-ssh-rsa not ssh-rsa. Unfortunately the URL you gave is out of date...
Adding to the above, I cannot find this bug ID anywhere in release notes except 6.1.0.6. The bug ID claims it is fixed in 6.2.2 and 6.2.3 but is not so documented in the release notes for those updates.
