Hi, I am new to Cisco IPS. I wanted to SSH into the IPS from a Cisco router. I generated SSH keys on the router with the crypto key generate rsa command.
On the IPS I tried to add the authorised keys for SSH.
When I copied the keys from the router and pasted them in the public modulus field, it gives me an error saying it does not match the pattern.
Can someone pls help? Where am I going wrong?
If your router is accessible by IPS (and vice-versa), can you add the router's IP as trusted host to IPS, and skip the key portion? This is because if the router is accessible at the moment the command is issued, no key is required to be entered. Try to ssh again to the IPS.
The "ssh host-key ip-address [key-modulus-length public-exponent public-modulus]" command is needed if the router is unreachable. This is to confirm the fingerprint of the key displayed for security purposes.
Hope this helps.
Hi ak, I guess u didn't get my question properly. I am not asking abt adding known host keys of routers for the IDS to communicate to the routers.
I want to SSH from a router to the IPS, for which I want to add the authorised SSH keys of the router to access the IPS.
Can u pls tell me abt that? As I told u, the problem I am facing is while pasting the public key of the router onto the IPS.
Waiting for ur reply.
Not sure if I wrongly understand it. But as far as I know, the ssh key you generated in router is good when you need to SSH into that router, and that ssh key will not be recognized by IPS. When you ssh to the router, you should notice that it will ask you whether to keep permanent or temporary the router's ssh key.
But if you need to add allow host and add ssh to the IPS, you need to use different steps as explained in the above Cisco IPS doc link:
sensor# configure terminal
sensor(config)# ssh host-key 10.1.1.1
sensor# show ssh host-keys 10.1.1.1 --> view the ssh key authorised for the router
Bubble Babble: xebiz-vykyk-fekuh-rukuh-cabaz-paret-gosym-serum-korus-fypop-huxyx
I guess that you need to copy the public key (not the private key) from the router and paste it in the authorised key file for ssh.
RSA generations will create a public key and private key. Public key remain in the router and only public key be copied.
Hope that helps
ak, u are completely wrong and not understanding my question at all.
I said the IPS could easily add the SSH keys of the router as known keys, meaning the IPS can access the router via SSH for blocking actions on the router.
What I want is to add the router's SSH keys as the authorised keys, so that I can SSH from the router to the IPS.
I hope at least now u get the question properly.
When I try to paste the keys from the router to the IPS it gives an error as I mentioned above. Is there a separate format for it?
Can someone pls help me on this?
We had a similar problem with the public key, and eventually gave up. The IPS-ssh device registration obviously was a good option, and it works well.
I think the IPS uses a different key format than the router:
border_ro1#sh crypto key mypubkey rsa
% Key pair was generated at: 00:07:28 UTC Dec 12 2006
Key name: border_ro1.xxxxx.com
Usage: General Purpose Key
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C166E8 D6456A39
744CE5A7 C95D2F1C EFE9F11F 8A2E6F08 2CFA4968 EE8AB1CE 2B8F4159 6B1C6E51
6993DD24 AAB79B18 ED098F0E 00F3BDE9 68819020 1CE94869 D5020301 0001
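The router output above is a DER-encoded SubjectPublicKeyInfo printed as hex, while the IPS command quoted earlier takes three separate values (key-modulus-length, public-exponent, public-modulus). The following is an added example, not part of any post in this thread and not Cisco code: it decodes the posted dump into those three values. That the IPS expects them as decimal integers is an assumption, and the function names are hypothetical.

```python
import re

# Hex dump copied from the "sh crypto key mypubkey rsa" output in the post above.
ROUTER_DUMP = """
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C166E8 D6456A39
744CE5A7 C95D2F1C EFE9F11F 8A2E6F08 2CFA4968 EE8AB1CE 2B8F4159 6B1C6E51
6993DD24 AAB79B18 ED098F0E 00F3BDE9 68819020 1CE94869 D5020301 0001
"""
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos, tag):
    """Return (value, next_pos) for the DER element at pos, checking its tag."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#04x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element (incomplete paste?)")
    return buf[pos:pos + length], pos + length

def parse_ios_rsa_pubkey(dump):
    """Decode an IOS hex dump into (modulus_bits, public_exponent, modulus)."""
    der = bytes.fromhex(re.sub(r"\s+", "", dump))
    spki, end = read_tlv(der, 0, 0x30)           # SubjectPublicKeyInfo SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after key")
    alg, pos = read_tlv(spki, 0, 0x30)           # AlgorithmIdentifier
    oid, _ = read_tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("not an RSA public key")
    bitstr, _ = read_tlv(spki, pos, 0x03)        # BIT STRING wrapping the key
    if bitstr[0] != 0:
        raise ValueError("unexpected unused bits in BIT STRING")
    rsa_seq, _ = read_tlv(bitstr[1:], 0, 0x30)   # RSAPublicKey SEQUENCE
    n_bytes, pos = read_tlv(rsa_seq, 0, 0x02)    # modulus INTEGER
    e_bytes, _ = read_tlv(rsa_seq, pos, 0x02)    # publicExponent INTEGER
    n = int.from_bytes(n_bytes, "big")
    return n.bit_length(), int.from_bytes(e_bytes, "big"), n

def as_ips_fields(dump):
    """Render the three values as decimal text (assumed IPS input format)."""
    bits, e, n = parse_ios_rsa_pubkey(dump)
    return f"{bits} {e} {n}"
```

Only the public half of the key is present in this dump, so nothing secret is handled; the decoded modulus length also makes the key size easy to review before the key is authorised.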
Hi, u are very right. On the IPS, when I retrieved the SSH key of the router with the retrieve key command, the SSH key shown on the IPS was completely different from the key the router shows me. I guess the IPS changes the format in which the SSH keys are stored.
I'm one of the students from a university in Malaysia. Currently I'm doing a thesis related to Intrusion Prevention System at Host level. I need your help to revert back threats which unable to resolve by current IPS system. I have to investigate on the threats and find the solution. Appreciate if you could share your idea with me. Please do not hesitate to send your email to email@example.com.
Thanks in advance,
Hi murugan, can u tell me in detail what u want to do and what kind of help u need from me? I would like to help u.