Cisco Support Community

How to verify the SSH version 2 key length

Hi All,

I would like to know the SSH version 2 key length on my 2821 router, like 768, 1024 or 2048. Is there a show command or other command to do the job? I tried "show ssh" and "show ip ssh" but they don't help.

Any input will be appreciated.

2 REPLIES

Re: How to verify the SSH version 2 key length

I don't know any command that will tell you that. You can look at the key itself but it does not tell you what length the key is.

Re: How to verify the SSH version 2 key length

Hi Robert,

As suggested, it is not possible to check the key length, but generally speaking about the modulus length: when you generate RSA keys, you will be prompted to enter a modulus length. The longer the modulus, the stronger the security. However, a longer modulus takes longer to generate (see Table 12 for sample times) and takes longer to use.

Cisco IOS software does not support a modulus greater than 4096 bits. A length of less than 512 bits is normally not recommended. In certain situations, the shorter modulus may not function properly with IKE, so we recommend using a minimum modulus of 1024 bits.

Note: As of Cisco IOS Release 12.4(11)T, peer public RSA key modulus values up to 4096 bits are automatically supported.

The largest private RSA key modulus is 2048 bits. Therefore, the largest RSA private key a router may generate or import is 2048 bits.

The recommended modulus for a CA is 2048 bits; the recommended modulus for a client is 1024 bits.

Sample Times by Modulus Length to Generate RSA Keys

Router       360 bits            512 bits    1024 bits              2048 bits (maximum)
Cisco 2500   11 seconds          20 seconds  4 minutes, 38 seconds  more than 1 hour
Cisco 4700   less than 1 second  1 second    4 seconds              50 seconds

Hope to help

Regards

Ganesh.H
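
An added example, not part of the original thread or of any Cisco tooling: the modulus length can be read on the client side from the RSA public host key an SSH server presents, for instance a line from known_hosts or ssh-keyscan output, since the ssh-rsa blob is laid out as type string, exponent, modulus (RFC 4253). The sample key below is constructed and is not a valid RSA key, and router.example is a placeholder host name.

```python
import base64
import struct


def _read_string(blob, off):
    """Read one RFC 4251 string: uint32 big-endian length, then the body."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[off + 4:end], end


def rsa_modulus_bits(line):
    """Modulus bit length of an 'ssh-rsa AAAA...' or known_hosts-style line."""
    fields = line.split()
    if "ssh-rsa" not in fields[:-1]:
        raise ValueError("no ssh-rsa key on this line")
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob type does not match the ssh-rsa label")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing data")
    # mpints carry a leading 0x00 when the top bit is set; bit_length ignores it.
    return int.from_bytes(modulus, "big").bit_length()


def _field(data):
    """Encode bytes as an RFC 4251 string (length prefix + body)."""
    return struct.pack(">I", len(data)) + data


def make_sample_line(bits, host="router.example"):
    """Constructed test input: an odd number of the right size, NOT a real key."""
    n = (1 << (bits - 1)) | 1
    mpint = lambda v: v.to_bytes(v.bit_length() // 8 + 1, "big")
    blob = _field(b"ssh-rsa") + _field(mpint(65537)) + _field(mpint(n))
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    for size in (768, 1024, 2048):
        print(size, rsa_modulus_bits(make_sample_line(size)))
```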
