
SSH Server Public Key Too Small vulnerable on Cisco WLC

vinothRajendran
Level 1

For this vulnerability, the key size needs to be increased from 1024 to 2048.
How do I check the existing RSA key size on the WLC? Please share the command here to fix the issue.

8 Replies

Scott Fella
Hall of Fame

When you say you have a Cisco WLC, what is the model you have? I'm also assuming you are using 1024-bit since you got flagged by a security audit? You can always just generate a new certificate using 2048. I would think that you can export that cert and look at the key size.

-Scott
*** Please rate helpful posts ***

balaji.bandi
Hall of Fame

Depends on the WLC (Cat 9800 with IOS XE, or AireOS?).

You can see that in the config or with the show crypto commands.

Syntax to change (it takes longer than normal when you are generating 2048) - make sure to be patient. (I suggest using the console, preferably.)

crypto key generate rsa [ general-keys | usage-keys | signature | encryption ] [ label key-label ] [exportable] [ modulus modulus-size ] [ storage devicename : ] [redundancy] [ on devicename : ]

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

vinothRajendran
Level 1

Model: AIR-CT5508-K9
IOS running: 8.5.182.0
Questions: Before updating to 2048, I need to check the RSA key size first.
If I run the show crypto command, it does not work on the WLC.

The content of this message was removed 

(Cisco Controller) >show crypto key mypubkey rsa

Incorrect usage. Use the '?' or <TAB> key to list commands.

(Cisco Controller) >

In your browser, go to your controller and then look at the certificate. That is the easiest way to check what you are using, unless you are looking for a different certificate. Each browser has a different way to look at the site certificate that is being presented.

-Scott
*** Please rate helpful posts ***

Mohammed Hamzeh
Cisco Employee

If the key size is currently set to 1024, you will need to generate a new key with a larger size.

To generate a new RSA key with a size of 2048, use the following command:

`config crypto key generate rsa`

You will be prompted to specify the size of the new key. Enter "2048" and follow the on-screen instructions to complete the process. After generating the new RSA key, you should also update any SSH or SSL configurations on the WLC to use the new key.
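
The thread asks how to check the size of the RSA key the SSH server presents. The following is an added example, not code from any poster or from Cisco: it reads the modulus size from a host key in OpenSSH `ssh-rsa` text format, before and after regenerating the key. It assumes the controller's host key line has already been saved (for example from `ssh-keyscan -t rsa <controller>` or a `known_hosts` entry); the function names, the `wlc.example.test` host name and the sample keys are constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # minimum size named in the thread


def _read_field(blob, offset):
    """Read one SSH wire field: uint32 big-endian length, then the data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[offset + 4:end], end


def rsa_host_key_bits(line):
    """Modulus size in bits of a '[host] ssh-rsa <base64> [comment]' line."""
    parts = line.split()
    if "ssh-rsa" not in parts[:-1]:
        raise ValueError("no ssh-rsa key on this line")
    blob = base64.b64decode(parts[parts.index("ssh-rsa") + 1], validate=True)
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key blob type does not match ssh-rsa")
    _exponent, off = _read_field(blob, off)   # public exponent e
    modulus, _ = _read_field(blob, off)       # modulus n, as an mpint
    return int.from_bytes(modulus, "big").bit_length()


def is_too_small(line, minimum=MIN_RSA_BITS):
    return rsa_host_key_bits(line) < minimum


def _mpint(n):
    # mpint: big-endian, with a leading zero byte when the top bit is set
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def make_sample_line(bits, host="wlc.example.test"):
    """CONSTRUCTED sample: right size and encoding, not a real RSA modulus."""
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"
```

Running `rsa_host_key_bits()` on the saved line before and after the change confirms whether the server is still presenting the old key.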
