Cannot use crypto key generate rsa command in config mode

Unanswered Question
Jul 1st, 2008
User Badges:

Have Cisco 1841 router. Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.3(8)T7, RELEASE SOFTWARE (fc3).

Want to set up SSH for secure telnet sessions. In global config mode: [Router(config)# ] when I enter "crypto key generate rsa" command, I get an error. cr? command does not list crypto as an available command.

What is the issue? Is it a security issue? For example, might I need something like "aaa authorization exec local" to allow this configuration step?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
michael.leblanc Tue, 07/01/2008 - 15:51
User Badges:
  • Silver, 250 points or more

Although I have not confirmed this, I would be inclined to believe that the IPBASE image for your platform likely does not support "crypto".

I would hit the Cisco web site for confirmation before spending any more effort on the CLI.

Richard Burts Wed, 07/02/2008 - 09:31
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


Michael is quite right. The IPBASE feature set in 12.3T does not support crypto and will not allow you to generate a crypto key. To generate a key you do need a feature set that supports crypto. This is generally indicated by the presence of "k9" in the file name of the image file. According to the Feature Navigator on CCO the feature sets in 12.3T would be adventerprisek9, advipservicesk9, advsecurityk9, entservicesk9, and spservicesk9. If you went to 12.4 mainline there is, in fact, an IPBASE feature set that has support for crypto.




This Discussion