

SSH Config and crypto key generate RSA command

Use this command to generate RSA key pairs for your Cisco device (such as a router). RSA keys are generated in pairs: one public RSA key and one private RSA key. If your router already has RSA keys when you issue this command, you will be warned and prompted to replace the existing keys with new keys.

NOTE: Before issuing this command, ensure that your router has a hostname and IP domain name configured (with the hostname and ip domain-name commands). You will be unable to complete the crypto key generate rsa command without a hostname and IP domain name. (This situation is not true when you generate only a named key pair.)

Here are the steps to enable SSH and set up the crypto key. Two configurations are required for SSH:

1. Set up a local user ID and password for the VTY lines

Router(config-line)# exit
!!! create local login ID/Pass
Router(config)# username loginid1 password cisco1

2. Router(config)# ip domain-name

Secure Shell (SSH) may generate an additional RSA key pair if you generate a key pair on a router having no RSA keys. The additional key pair is used only by SSH and will have a name such as. For example, if a router name is “,” the key name is “.” server.

This command is not saved in the router configuration; however, the RSA keys generated by this command are saved in the private configuration in NVRAM (which is never displayed to the user or backed up to another device) the next time the configuration is written to NVRAM.

When you generate RSA keys, you will be prompted to enter a modulus length. The longer the modulus, the stronger the security. However, a longer modulus takes longer to generate (see the table below for sample times) and takes longer to use. The size of the key modulus ranges from 360 to 2048. Choosing a modulus greater than 512 will take longer.

(Optional) Specifies that a general-purpose key pair will be generated, which is the default.

(Optional) Specifies that two RSA special-usage key pairs, one encryption pair and one signature pair, will be generated.

(Optional) Specifies that the RSA public key generated will be a signature special usage key.

(Optional) Specifies that the RSA public key generated will be an encryption special usage key.

(Optional) Specifies the name that is used for an RSA key pair when they are being exported. If a key label is not specified, the fully qualified domain name (FQDN) of the router is used.

(Optional) Specifies that the RSA key pair can be exported to another Cisco device, such as a router.

(Optional) Specifies the IP size of the key modulus. By default, the modulus of a certification authority (CA) key is 1024 bits. The recommended modulus for a CA key is 2048 bits. The range of a CA key modulus is from 350 to 4096 bits.

Note: Effective with Cisco IOS XE Release 2.4 and Cisco IOS Release 15.1(1)T, the maximum key size was expanded to 4096 bits for private key operations.
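
The SSH prerequisites this page names (a hostname, an IP domain name, a local username, and local login on the VTY lines) can be checked against a saved configuration before the key pair is generated; the Python script below is an added example, not part of the original page. The sample configuration is constructed, and the `secret` and `transport input ssh` checks are added hardening assumptions that the page itself does not list.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name example.com
username loginid1 password cisco1
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit_ssh_prereqs(config):
    """Return findings for the SSH prerequisites named on this page."""
    # 'crypto key generate rsa' is not saved in the config, so keys are not checked.
    findings = []
    if not re.search(r"^hostname \S+", config, re.M):
        findings.append("no hostname configured")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no ip domain-name configured")
    users = re.findall(r"^username (\S+) .*?\b(password|secret)\b", config, re.M)
    if not users:
        findings.append("no local username for VTY login")
    for name, kind in users:
        if kind == "password":  # assumption: hashed 'secret' is preferred
            findings.append(f"username {name}: uses 'password', not 'secret'")
    for header, cmds in vty_blocks(config).items():
        if "login local" not in cmds:
            findings.append(f"{header}: 'login local' missing")
        transport = next((c for c in cmds if c.startswith("transport input")), "")
        if transport.split()[2:] != ["ssh"]:  # assumption: SSH-only access
            findings.append(f"{header}: transport input not restricted to ssh")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_prereqs(SAMPLE_CONFIG)))
```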
