Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Checking the Identity of a Router with its RSA Key Fingerprint

Hello guys,

I've been struggling with this matter for a few hours and I cannot see a way out.

The idea is to check the identity of a Cisco router through its RSA fingerprint during an SSH connection:

I've done the following steps:


1) Configuring the keys on the Cisco router

# Erasing existing non exportable RSA keys

crypto key zeroize rsa


# Generating exportable RSA keys

crypto key generate rsa exportable general-keys label <rsa-keys-label> modulus <key-length>


# Exporting RSA public and private keys into PEM format before fingerprinting it

crypto key export rsa <rsa-keys-label> pem terminal 3des <Passphrase-used-to-protect-the-private-key>


2) SSHing from a linux host to the router

$ ssh root@

The authenticity of host ' (' can't be established.

RSA key fingerprint is 90:b5:de:97:7a:1f:ca:23:ba:30:7a:0b:d0:47:2c:0e.

Are you sure you want to continue connecting (yes/no)?


3) Verifying the RSA key fingerprint of the router

# Using ssh-keygen on the linux host with the router public key

$ ssh-keygen -l -f is not a public key file.


# Using Linux "Passwords and keys" GUI application with the router private key

cf. attachment.

As you can see, the fingerprint is completely different.

Any suggestion?

Everyone's tags (1)

This issue turned out to be a

This issue turned out to be a file format incompatibility with the linux command "ssh-keygen".

The solution is described here.

CreatePlease to create content