When you generate "special usage keys" in a router, one is encrypted and the other is a signature key. Should the signature key be copied and saved into a file and placed on the emulator you are using?
Is there any benefit of using special usage keys over general usage keys that are encrypted on the Cisco device?
I have read the docs on cisco.com in relation to what can be accomplished by encrypting keys. The point being there is not enough documentation on the usage of these SSH keys and what is the "best-practice" for a solid security scheme.
This document discusses how to configure and debug Secure Shell (SSH) on Cisco routers or switches that run a version of Cisco IOS Software that supports SSH. This document contains more information on specific versions and software images.
I'd be curious if they expired or if the device rebooted and the keys weren't saved with a 'write mem'. Next time this happens, before generating new keys, you can see if any keys are present by issuing 'show crypto key mypubkey rsa'. From reading their documentation, I'm not under the impression that after saving these keys they should ever expire. If there are no keys listed after running the 'show crypto key mypubkey rsa' command, then I'm guessing the device rebooted without saving the configuration, taking your keys with it. Also, if you have to do a password recovery on a device, the RSA keys are removed and you have to regenerate them.
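The check suggested in the reply above can be scripted against saved command output. This is an added example, not part of the original thread: the sample text is constructed (made-up key name and hex data, laid out like 'show crypto key mypubkey rsa' output), and the function names `parse_keys` and `assess` are hypothetical.

```python
import re

# Constructed sample: output captured after generating usage keys.
SAMPLE_USAGE_KEYS = """\
% Key pair was generated at: 10:15:02 UTC Mar 1 2024
Key name: r1.example.test
 Usage: Signature Key
 Key is not exportable.
 Key Data:
  30819F30 0D06092A 864886F7 0D010101
% Key pair was generated at: 10:15:04 UTC Mar 1 2024
Key name: r1.example.test
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  30819F30 0D06092A 864886F7 0D010101
"""

def parse_keys(output):
    """Return [(key_name, usage), ...] for each key pair listed."""
    keys, name = [], None
    for line in output.splitlines():
        m = re.match(r"\s*Key name:\s*(\S+)", line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r"\s*Usage:\s*(.+?)\s*$", line)
        if m and name:
            keys.append((name, m.group(1)))
            name = None  # wait for the next 'Key name:' line
    return keys

def assess(output):
    """Classify the output: 'no-keys', 'usage-keys', 'general-keys' or 'other'."""
    usages = {usage for _, usage in parse_keys(output)}
    if not usages:
        return "no-keys"  # nothing listed: keys were lost or never generated
    if {"Signature Key", "Encryption Key"} <= usages:
        return "usage-keys"
    if "General Purpose Key" in usages:
        return "general-keys"
    return "other"

if __name__ == "__main__":
    print(assess(SAMPLE_USAGE_KEYS))
    print(assess(""))  # empty output, as after a reboot without 'write mem'
```

Running it on output captured before regenerating keys records whether the device had lost its key pair or still held one.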