Checking the Identity of a Router with its RSA Key Fingerprint

Hello guys,

I've been struggling with this matter for a few hours and I cannot see a way out.

The idea is to check the identity of a Cisco router through its RSA fingerprint during an SSH connection.

I've done the following steps:

 

1) Configuring the keys on the Cisco router

# Erasing existing non-exportable RSA keys

crypto key zeroize rsa

 

# Generating exportable RSA keys

crypto key generate rsa exportable general-keys label <rsa-keys-label> modulus <key-length>

 

# Exporting RSA public and private keys into PEM format before fingerprinting it

crypto key export rsa <rsa-keys-label> pem terminal 3des <Passphrase-used-to-protect-the-private-key>

 

2) SSHing from a Linux host to the router

$ ssh root@192.168.127.254

The authenticity of host '192.168.127.254 (192.168.127.254)' can't be established.

RSA key fingerprint is 90:b5:de:97:7a:1f:ca:23:ba:30:7a:0b:d0:47:2c:0e.

Are you sure you want to continue connecting (yes/no)?

 

3) Verifying the RSA key fingerprint of the router

# Using ssh-keygen on the Linux host with the router public key

$ ssh-keygen -l -f ssh_router_rsa_key.pub

ssh_router_rsa_key.pub is not a public key file.

 

# Using Linux "Passwords and keys" GUI application with the router private key

cf. attachment.

As you can see, the fingerprint is completely different.

Any suggestion?

1 Reply 1

This issue turned out to be a file format incompatibility with the Linux command "ssh-keygen".

The solution is described here.
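
The format mismatch mentioned in the reply, as an added example that is not part of the original thread: `ssh-keygen -l` expects a one-line OpenSSH public key, while a PEM export carries the same modulus and exponent in ASN.1 DER. The sketch below assumes the exported public key is a PEM block of type `PUBLIC KEY` or `RSA PUBLIC KEY`; the function names and the toy sample key are constructed for illustration.

```python
import base64, hashlib, struct

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def rsa_numbers(pem):
    """Return (n, e) from a PEM RSA public key (SubjectPublicKeyInfo or PKCS#1)."""
    b64 = "".join(l.strip() for l in pem.strip().splitlines()
                  if not l.strip().startswith("-----"))
    _, seq, _ = tlv(base64.b64decode(b64), 0)
    tag, first, nxt = tlv(seq, 0)
    if tag == 0x30:                        # SPKI: AlgorithmIdentifier, then BIT STRING
        _, bits, _ = tlv(seq, nxt)
        _, seq, _ = tlv(bits[1:], 0)       # drop the unused-bits octet
        tag, first, nxt = tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("not an RSA public key")
    _, second, _ = tlv(seq, nxt)
    return int.from_bytes(first, "big"), int.from_bytes(second, "big")

def mpint(x):
    """SSH mpint: length-prefixed big-endian with room for the sign bit."""
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def ssh_fingerprints(pem):
    """Return (MD5 colon-hex, SHA256 base64, OpenSSH public key line)."""
    n, e = rsa_numbers(pem)
    name = b"ssh-rsa"
    blob = struct.pack(">I", len(name)) + name + mpint(e) + mpint(n)
    md5 = ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha, "ssh-rsa " + base64.b64encode(blob).decode()

# Constructed sample: toy 64-bit modulus wrapped as SubjectPublicKeyInfo, not a real key.
SAMPLE_DER = bytes.fromhex("3024300d06092a864886f70d0101010500031300"
                           "3010020900c123456789abcdef0203010001")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    for value in ssh_fingerprints(SAMPLE_PEM):
        print(value)
```

The first value has the same colon-separated MD5 form as the fingerprint in the SSH prompt above. The third value, saved to a file, is a key line that `ssh-keygen -l -f` accepts; newer OpenSSH releases print SHA256 by default and need `-E md5` for the older form.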
