Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Checking the Identity of a Router with its RSA Key Fingerprint

Hello guys,

I've been struggling with this matter for a few hours and I cannot see a way out.

The idea is to check the identity of a Cisco router through its RSA fingerprint during an SSH connection:

I've done the following steps:

 

1) Configuring the keys on the Cisco router

# Erasing existing non exportable RSA keys

crypto key zeroize rsa

 

# Generating exportable RSA keys

crypto key generate rsa exportable general-keys label <rsa-keys-label> modulus <key-length>

 

# Exporting RSA public and private keys into PEM format before fingerprinting it

crypto key export rsa <rsa-keys-label> pem terminal 3des <Passphrase-used-to-protect-the-private-key>

 

2) SSHing from a linux host to the router

$ ssh root@192.168.127.254

The authenticity of host '192.168.127.254 (192.168.127.254)' can't be established.

RSA key fingerprint is 90:b5:de:97:7a:1f:ca:23:ba:30:7a:0b:d0:47:2c:0e.

Are you sure you want to continue connecting (yes/no)?

 

3) Verifying the RSA key fingerprint of the router

# Using ssh-keygen on the linux host with the router public key

$ ssh-keygen -l -f ssh_router_rsa_key.pub

ssh_router_rsa_key.pub is not a public key file.

 

# Using Linux "Passwords and keys" GUI application with the router private key

cf. attachment.

As you can see, the fingerprint is completely different.

Any suggestion?

Everyone's tags (1)
1 REPLY

This issue turned out to be a

This issue turned out to be a file format incompatibility with the linux command "ssh-keygen".

The solution is described here.

588
Views
0
Helpful
1
Replies
CreatePlease to create content