Generate RSA Key

Unanswered Question
Apr 3rd, 2007
User Badges:

When I tried to SSH to a box I get

ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits

key_verify failed for server_host_key

that's because

# sh crypto key mypubkey rsa

Key pair was generated at: 14:59:48 MST Mar 28 2006

Key name: <Default-RSA-Key>

Usage: General Purpose Key

Modulus Size (bits): 512

Key Data: ...

Key pair was generated at: 18:31:55 MST Apr 3 2007

Key name: <Default-RSA-Key>.server

Usage: Encryption Key

Modulus Size (bits): 768

Key Data: ...

If I generate anotherkey with

crypto key generate rsa modulus 1024

will I break all existing VPN and SSH?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sebastan_bach Tue, 04/03/2007 - 18:00
User Badges:

hi changing the modulus of the rsa keys will only affect vpns if they are using rsa nounces or rsa digital certificates for authentication in ike phase 1.

if u are doing ssh into the box and then changing the modulus i guess it might break ur current ssh session however i am not sure. but u can create a backup session via the vpn.

hope this helps.




This Discussion