09-21-2009 08:44 AM - edited 03-09-2019 10:34 PM
Hello,
I have a network with several hundred routers and I need to lock all my devices down to use SSHv2 only.
I have tools which will allow me to interact with the IOS CLI in a scripted fashion but I just need to know, are there commands I can use to easily check for the existence of and length of RSA keys which may already have been generated on my routers?
TIA!
--Steve
09-21-2009 10:11 AM
Steve
This command will show all RSA keys generated on the router -
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_s1g.html#wp1100280
Jon
09-21-2009 10:46 AM
Thank you very much, Jon, for your reply.
I am aware of the command you referenced and I imagine there is a way to calculate the key length from the displayed key data (e.g. the number of characters displayed will tell you whether the key was generated with a modulus of 512, 768, 1024, etc).
However, I am hoping there is a more succinct way to check for the existence and length (modulus) of all existing keys on a router (something more like a "summary" view or maybe even a MIB variable).
TIA again for any additional recommendations!
--Steve
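The key-length calculation mentioned in the reply above, as an added example that is not part of the original thread: it parses captured `show crypto key mypubkey rsa` output and reads the modulus size from the DER structure in the "Key Data" hex rather than counting characters. It assumes the key data is a DER SubjectPublicKeyInfo; the sample output is constructed and the function names are this example's own.

```python
import re

# Constructed sample in the layout of "show crypto key mypubkey rsa" output;
# the modulus bytes (C5 01 02 ... 3F) are made up, this is not a real key.
SAMPLE = """\
% Key pair was generated at: 08:00:00 UTC Sep 21 2009
Key name: R1.example.com
 Usage: General Purpose Key
 Key Data:
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C50102 03040506
  0708090A 0B0C0D0E 0F101112 13141516 1718191A 1B1C1D1E 1F202122 23242526
  2728292A 2B2C2D2E 2F303132 33343536 3738393A 3B3C3D3E 3F020301 0001
"""

def _tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(der):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    _, pos, _ = _tlv(der, 0)        # outer SEQUENCE
    _, _, pos = _tlv(der, pos)      # step over AlgorithmIdentifier
    _, pos, _ = _tlv(der, pos)      # BIT STRING wrapping RSAPublicKey
    _, pos, _ = _tlv(der, pos + 1)  # skip unused-bits byte, enter inner SEQUENCE
    tag, start, end = _tlv(der, pos)
    if tag != 0x02:
        raise ValueError("modulus INTEGER not found")
    return int.from_bytes(der[start:end], "big").bit_length()

def parse_keys(show_output):
    """Map each key name in the output to its modulus bits (None if unparsable)."""
    keys = {}
    for block in re.split(r"(?m)^Key name:\s*", show_output)[1:]:
        lines = [line.strip() for line in block.splitlines()]
        start = lines.index("Key Data:") + 1 if "Key Data:" in lines else len(lines)
        hexstr = ""
        for line in lines[start:]:
            if not re.fullmatch(r"[0-9A-Fa-f ]+", line):
                break  # first non-hex line ends this key's data
            hexstr += line.replace(" ", "")
        try:
            keys[lines[0]] = rsa_modulus_bits(bytes.fromhex(hexstr))
        except (ValueError, IndexError):
            keys[lines[0]] = None  # truncated or malformed key data
    return keys
```

An empty result means the output contained no RSA key at all; compare the returned bit lengths against your own minimum before enforcing SSHv2.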