RME 4.2.0 - NetConfig SSH Configuration Template

Unanswered Question
Sep 29th, 2009
User Badges:

All,

We're having a problem running command "crypto key generate rsa general-keys modulus 2048" via TFTP on 3550 devices. If we can get it to work, we'll use HP NAS to create the SSH key on our devices.


I'm looking into using RME NetConfig to create the key and came across NetConfig template "SSH Configuration". Does this template create the SSH key?


If not, which RME NetConfig template can be used?


I noticed NetConfig template "Certification Authority Configuration". At the bottom is "RSA Key pairs". Will this run the command listed above?


Thanks,

Stephanie Cornish



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Tue, 09/29/2009 - 09:13
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Yes, the SSH template will allow you to configure the RSA keys. Simply Enable Key Configuration in the template instance, then enter the modulus size in the "Number of Key Bits" field (e.g. 1024). That will deploy the following config to the devices:


crypto key generate rsa 1024


Which means, enter "crypto key generate rsa", hit enter, then enter 1024 at the prompt. RME will handle all interactivity automatically.

slcornish Tue, 09/29/2009 - 09:22
User Badges:

crypto key generate rsa general-keys modulus 2048


I don't see "general-keys modulus" in your output so I'm assuming "general-keys modulus" will be omitted in the configuration.


So there's no NetConfig template which will push this exact command:


"crypto key generate rsa general-keys modulus 2048"


Stephanie

Joe Clarke Tue, 09/29/2009 - 09:24
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, not by default. However, you could use the Ad hoc template (or create a user-defined template) that does:


crypto key generate rsa general-keys modulus 2048


Then this could be deployed along with the SSH template. The SSH template instance would not do anything with the key, and just modify SSH-specific parameters.


Or, you could create a whole user-defined template which does everything you want in one shot. That is, configure the key as well as the requisite SSH parameters.

Actions

This Discussion