Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Generate RSA Key

When I tried to SSH to a box I get

ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits

key_verify failed for server_host_key

that's because

# sh crypto key mypubkey rsa

Key pair was generated at: 14:59:48 MST Mar 28 2006

Key name: <Default-RSA-Key>

Usage: General Purpose Key

Modulus Size (bits): 512

Key Data: ...

Key pair was generated at: 18:31:55 MST Apr 3 2007

Key name: <Default-RSA-Key>.server

Usage: Encryption Key

Modulus Size (bits): 768

Key Data: ...

If I generate anotherkey with

crypto key generate rsa modulus 1024

will I break all existing VPN and SSH?

1 REPLY
New Member

Re: Generate RSA Key

hi changing the modulus of the rsa keys will only affect vpns if they are using rsa nounces or rsa digital certificates for authentication in ike phase 1.

if u are doing ssh into the box and then changing the modulus i guess it might break ur current ssh session however i am not sure. but u can create a backup session via the vpn.

hope this helps.

regards

sebastan

1658
Views
0
Helpful
1
Replies