
failed to paste the authorised keys for ssh on ips

sebastan_bach
Level 4

Hi, I am new to Cisco IPS. I wanted to SSH into the IPS from a Cisco router. I generated SSH keys on the router with the crypto key generate rsa command.

On the IPS I tried to add the authorised keys for SSH.

When I copied the keys from the router and pasted them in the public modulus field, it gives me an error saying it does not match the pattern ^[0-9]+$.

Can someone please help? Where am I going wrong?

regards

sebastan

10 Replies

a.kiprawih
Level 7

If your router is accessible by the IPS (and vice versa), can you add the router's IP as a trusted host to the IPS, and skip the key portion? This is because if the router is accessible at the moment the command is issued, no key is required to be entered. Try to SSH again to the IPS.

The "ssh host-key ip-address [key-modulus-length public-exponent public-modulus]" command is needed if the router is unreachable. This is to confirm the fingerprint of the key displayed for security purposes.

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df9a.html#wp1035869

Hope this helps.

AK

Hi AK, I guess you didn't get my question properly. I am not asking about adding known host keys of routers for the IDS to communicate with the routers.

I want to SSH from a router to the IPS, for which I want to add the authorised SSH keys of the router to access the IPS.

Can you please tell me about that? As I told you, I am facing the problem while pasting the public key of the router onto the IPS.

Waiting for your reply.

regards

sebastan

Not sure if I wrongly understand it. But as far as I know, the SSH key you generated on the router is good when you need to SSH into that router, and that SSH key will not be recognized by the IPS. When you SSH to the router, you should notice that it will ask you whether to keep the router's SSH key permanently or temporarily.

But if you need to add allow host and add ssh to the IPS, you need to use different steps as explained in the above Cisco IPS doc link:

sensor# configure terminal

sensor(config)# ssh host-key 10.1.1.1 ---> enter, if you skip modulus key, it will use 512 as default value

sensor(config)#exit

sensor# show ssh host-keys 10.1.1.1 --> view the ssh key authorised for the router

1024 35

139306213541835240385332922253968814685684523520064131997839905113640120217816869696708721

704631322844292073851730565044879082670677554157937058485203995572114631296604552161309712

601068614812749969593513740598331393154884988302302182922353335152653860589163651944997842

874583627883277460138506084043415861927

MD5: 49:3F:FD:62:26:58:94:A3:E9:88:EF:92:5F:52:6E:7B

Bubble Babble: xebiz-vykyk-fekuh-rukuh-cabaz-paret-gosym-serum-korus-fypop-huxyx

sensor#

HTH

AK

akhmal
Level 1

Hi,

I guess that you need to copy the public key (not the private key) from the router and paste it in the authorised key file for SSH.

RSA generation will create a public key and a private key. The public key remains in the router and only the public key is to be copied.

Hope that helps

AK, you are completely wrong and not understanding my question at all.

I said the IPS could easily add the SSH keys of the router as known keys, meaning the IPS can access the router via SSH for blocking actions on the router.

What I want is to add the router's SSH keys as the authorised keys, so that I can SSH from the router to the IPS.

I hope at least now you get the question properly.

When I try to paste the keys from the router to the IPS, it gives an error as I mentioned above. Is there a separate format for it?

Can someone please help me on this?

regards

sebastan

We had a similar problem with the public key, and eventually gave up. The IPS-ssh device registration obviously was a good option, and it works well.

I think the IPS uses a different key format than the router:

border_ro1#sh crypto key mypubkey rsa

% Key pair was generated at: 00:07:28 UTC Dec 12 2006

Key name: border_ro1.xxxxx.com

Usage: General Purpose Key

Key Data:

305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C166E8 D6456A39

744CE5A7 C95D2F1C EFE9F11F 8A2E6F08 2CFA4968 EE8AB1CE 2B8F4159 6B1C6E51

6993DD24 AAB79B18 ED098F0E 00F3BDE9 68819020 1CE94869 D5020301 0001

border_ro1#
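The format difference this thread is about, as an added example that is not part of any poster's message: the router's Key Data is a hex dump of a DER-encoded RSA public key, while the IPS field that rejected the paste accepts only decimal digits (the ^[0-9]+$ pattern in the question). The sketch below converts one into the other; the function names are hypothetical, and it assumes the three decimal values (modulus length, public exponent, public modulus) are laid out as in the `show ssh host-keys` output quoted earlier.

```python
import re

# Key Data exactly as printed by "sh crypto key mypubkey rsa" in the post above.
KEY_DATA = """
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C166E8 D6456A39
744CE5A7 C95D2F1C EFE9F11F 8A2E6F08 2CFA4968 EE8AB1CE 2B8F4159 6B1C6E51
6993DD24 AAB79B18 ED098F0E 00F3BDE9 68819020 1CE94869 D5020301 0001
"""
# DER body of AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }
RSA_ALG = bytes.fromhex("06092A864886F70D0101010500")

def read_tlv(buf, pos, tag):
    """Return (value, next_pos) for the DER element with the given tag at pos."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def ios_key_to_decimal(key_data):
    """Hypothetical helper: IOS hex Key Data -> (bits, exponent, modulus) in decimal."""
    der = bytes.fromhex(re.sub(r"\s+", "", key_data))
    spki, end = read_tlv(der, 0, 0x30)         # SubjectPublicKeyInfo SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after key")
    alg, pos = read_tlv(spki, 0, 0x30)         # AlgorithmIdentifier
    if alg != RSA_ALG:
        raise ValueError("not an RSA public key")
    bits, _ = read_tlv(spki, pos, 0x03)        # BIT STRING wrapping RSAPublicKey
    if not bits or bits[0] != 0:
        raise ValueError("unexpected unused-bit count")
    rsa, _ = read_tlv(bits, 1, 0x30)           # RSAPublicKey SEQUENCE
    n_raw, pos = read_tlv(rsa, 0, 0x02)        # INTEGER modulus
    e_raw, _ = read_tlv(rsa, pos, 0x02)        # INTEGER publicExponent
    n, e = int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")
    return str(n.bit_length()), str(e), str(n)

if __name__ == "__main__":
    print(*ios_key_to_decimal(KEY_DATA), sep="\n")
```

For the key posted above this yields a 512-bit modulus with exponent 65537; a modulus that short is no longer considered adequate for RSA, so a key used for device access should be generated with a longer one.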

Hi, you are very right. On the IPS, when I retrieved the SSH key of the router with the retrieve key command, the SSH key shown on the IPS was completely different from the key the router shows me. I guess the IPS changes the format in which the SSH keys are stored.

regards

sebastan

murugan20
Level 1

Hi Sebastan,

I'm a student from a university in Malaysia. Currently I'm doing a thesis related to Intrusion Prevention Systems at host level. I need your help to revert back on threats which the current IPS system is unable to resolve. I have to investigate the threats and find the solution. I would appreciate it if you could share your ideas with me. Please do not hesitate to send your email to m.thangavelu@shell.com.

Thanks in advance,

Murugan

Hi Murugan, can you tell me in detail what you want to do and what kind of help you need from me? I would like to help you.

see ya

regards

sebastan
