04-12-2017 09:05 AM
If I have three crypto keys on my switch, how can I tell which key is used for ssh?
04-13-2017 12:08 PM
Hello,
the command:
show crypto key mypubkey rsa
should show you the key generated for SSH.
04-13-2017 01:20 PM
I did that but there are two general keys and two encryption keys... Names are different on each but neither of which states it is used with SSH... crud...
04-13-2017 01:44 PM
Hello,
the key pair used by SSH will usually have a name that equals the router name (plus the domain if your router is configured for this). Do you see a name that equals your router hostname?
04-14-2017 07:00 AM
The reason I am asking this is that there were two encryption keys on the system and it worked just fine. Then I created another crypto key with a new size of 2048 (old ones are 1024), disconnected from my ssh session and then reconnected, and it never asked me to accept the new key. The new key does have the hostname with the new domain name. It just confuses me to wonder which one it associates with. I have since updated all keys and kept the same labels. I know which one it is using now by doing one at a time, but there is no association on the key descriptions that links it to ssh. I don't want to delete any keys as of now because I am just trying to figure out why these keys are here. (just taking over new network).
Thanks for the info Georg.. I think this is as far as I can go with this..
04-14-2017 07:25 AM
Jeff,
unless your switch has some sort of crypto/VPN/Tunnel configuration (which is not very likely on a switch) you will probably be fine with just the one new key you have generated. Either way, the existing keys can't do any harm, I wouldn't delete them either if I didn't know what exactly they are being used for...
04-21-2017 08:53 AM
By default SSH uses the first key generated (usually labeled general purpose). I always create a second key and then have the device use it. I know now exactly what key is being used for SSH.
crypto key generate rsa label SSH-KEY modulus 2048
ip ssh version 2
ip ssh rsa keypair-name SSH-KEY
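An offline check for the approach in the last reply, added here as an example and not posted by anyone in the thread: it reads a saved running-config and saved `show crypto key mypubkey rsa` output and reports whether SSH is bound to a named key pair that exists on the device. The sample text is constructed, and the `Key name:` / `Usage:` line layout is an assumption about your IOS release.

```python
import re

# Constructed sample input modelled on typical IOS output; not taken from the thread.
SAMPLE_CONFIG = """\
hostname sw1
ip ssh version 2
ip ssh rsa keypair-name SSH-KEY
"""
SAMPLE_KEYS = """\
% Key pair was generated at: 08:41:02 UTC Apr 21 2017
Key name: sw1.example.net
 Usage: General Purpose Key
 Key is not exportable.
% Key pair was generated at: 08:53:10 UTC Apr 21 2017
Key name: SSH-KEY
 Usage: General Purpose Key
 Key is not exportable.
"""

def key_labels(show_keys):
    """Map each key pair label to the usages listed under it."""
    labels, current = {}, None
    for line in show_keys.splitlines():
        name = re.match(r"\s*Key name:\s*(\S+)", line)
        usage = re.match(r"\s*Usage:\s*(.+?)\s*$", line)
        if name:
            current = name.group(1)
            labels.setdefault(current, [])
        elif usage and current:
            labels[current].append(usage.group(1))
    return labels

def audit_ssh_key(config, show_keys):
    """Report whether SSH is explicitly bound to a key pair that exists."""
    pin = re.search(r"^\s*ip ssh rsa keypair-name (\S+)", config, re.M)
    labels = key_labels(show_keys)
    name = pin.group(1) if pin else None
    if name is None:
        status = "unpinned"          # no explicit binding in the config
    elif name in labels:
        status = "pinned"
    else:
        status = "pinned-missing"    # config names a key that is not listed
    return {
        "keypair": name,
        "status": status,
        "ssh_v2": re.search(r"^\s*ip ssh version 2\s*$", config, re.M) is not None,
        "other_keys": sorted(k for k in labels if k != name),
    }

if __name__ == "__main__":
    print(audit_ssh_key(SAMPLE_CONFIG, SAMPLE_KEYS))
```

The `other_keys` list is the set of key pairs that still need an owner identified before anyone considers removing them.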