Configuring Ssh Options; Setting Ssh Key Size - Cisco ASR 5500 Installation Manual

Step 9
Enter end to exit the configuration mode.
[local]host_name(config)# end
[local]host_name#
Step 10
Proceed to Save the Basic Configuration, on page 112.

Configuring SSH Options

SSHv2 RSA is the only version of SSH supported under StarOS. Keywords previously supported for SSHv1
RSA and SSHv2 DSA have been removed from or concealed within the StarOS CLI.

Important
A keyword that was supported in a previous release may be concealed in subsequent releases. StarOS
continues to parse concealed keywords in existing scripts and configuration files created in a previous
release. But the concealed keyword no longer appears in the command syntax for use in new scripts or
configuration files. Entering a question mark (?) will not display a concealed keyword as part of the Help
text. Removed keywords generate an error message when parsed.

Version 1 of the SSH protocol is now obsolete due to security vulnerabilities. The v1-rsa keyword has been
removed for the Context Configuration mode ssh command. Running a script or configuration that uses the
SSHv1-RSA key returns an error message and generates an event log. The output of the error message is
shown below:

CLI print failure Failure: SSH V1 contains multiple structural vulnerabilities and is no
longer considered secure. Therefore we don't support v1-rsa SSH key any longer, please
generate a new v2-rsa key to replace this old one.

If the system boots from a configuration that contains the v1-rsa key, you can expect a boot failure when
logging in through SSH. The workaround is to log in via the Console port, re-generate a new ssh v2-rsa key,
and configure server sshd. It will then be possible to log in via ssh.

The v2-dsa keyword is now concealed for the Context Configuration mode ssh command.
The v1-rsa keyword has been removed from the Exec mode show ssh key CLI command.

Setting SSH Key Size

The Global Configuration mode ssh key-size CLI command configures the key size for SSH key generation
for all contexts (RSA host key only).

Step 1
Enter the Global Configuration mode.
[local]host_name# configure
[local]host_name(config)#
Step 2
Specify the bit size for SSH keys.
[local]host_name(config)# ssh key-size { 2048 | 3072 | 4096 | 5120 | 6144 | 7168 | 9216 }
The default bit size for SSH keys is 2048 bits.
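
The following Python script is an added example, not part of the Cisco manual. It audits a saved configuration file before boot for the conditions described above: the removed v1-rsa keyword, the concealed v2-dsa keyword, and ssh key-size values outside the accepted set. The function name audit_ssh_config and the sample configuration are constructed for illustration, and the argument layout of the sample "ssh key" lines is an assumption; only the keyword tokens matter to the check.

```python
# Keyword status and accepted key sizes are taken from the manual text above.
ALLOWED_KEY_SIZES = {2048, 3072, 4096, 5120, 6144, 7168, 9216}
KEYWORD_STATUS = {
    "v1-rsa": ("error", "removed keyword; parsing fails and SSH login breaks after boot"),
    "v2-dsa": ("warning", "concealed keyword; still parsed but no longer offered in help"),
}

# Constructed sample configuration (not from a real system). The layout of the
# "ssh key" lines is assumed; the audit only looks at the keyword tokens.
SAMPLE_CONFIG = """\
configure
  ssh key-size 1024
  context local
    ssh key PLACEHOLDER_KEY_DATA len 100 type v1-rsa
    ssh key PLACEHOLDER_KEY_DATA len 100 type v2-dsa
    ssh key PLACEHOLDER_KEY_DATA len 100 type v2-rsa
    server sshd
end
"""


def audit_ssh_config(text):
    """Return a list of (line_number, severity, message) for ssh lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0] != "ssh":
            continue  # only ssh commands are in scope
        for keyword, (severity, message) in KEYWORD_STATUS.items():
            if keyword in tokens:
                findings.append((lineno, severity, f"{keyword}: {message}"))
        if tokens[1:2] == ["key-size"]:
            size = tokens[2] if len(tokens) > 2 else ""
            if not size.isdigit() or int(size) not in ALLOWED_KEY_SIZES:
                findings.append(
                    (lineno, "error", f"key-size {size!r} is not an accepted value")
                )
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit_ssh_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {severity}: {message}")
```

Any finding reported for v1-rsa means the key has to be regenerated as v2-rsa before the configuration is used to boot, since the manual's workaround otherwise requires Console port access.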
Initial System Configuration
