New Wind

Cisco Catalyst は SSH でのログインも可能ですが、enable する方法が独特です。

• aaa new-model
• crypto key generate rsa

今回は以下のバージョンでの結果を示します。

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 52    WS-C2960S-48TS-L   15.2(1)E              C2960S-UNIVERSALK9-M

設定前

sw#sh ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

version 2.0 は、事前に

sw(config)#ip ssh version 2

を実行していたために返されています。

crypto key generate rsa

sw(config)#crypto key generate rsa
The name for the keys will be: sw.drive.ne.jp
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

すでに設定されている場合は、

sw(config)#crypto key generate rsa
% You already have RSA keys defined named sw.drive.ne.jp.
% Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

yes とタイプして初めて先に進むことが出来ます。

モジュラスサイズによる実行時間とキーの変化

• 512 bit

How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)

sw#sh ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDjwf6+GVqQdVSlRdda1GAYxOITkajv/BS6XsaEKrfW
qqCHHGGs+NQcHocFp6YC8F3FnaJ+VCTKbEideKSyOwFT

• 1024 bit

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 4 seconds)

sw#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDpNBAfuz+u2CVQAsU4DZaMHjftQHxXo4DFE8Ukaohz
Gp9U6ZO/j5XmhXYpwBOSvJb0Peve6Zd2t04rLKOxlEaWs9xA5iRLnjLt332nmzRgTJyjGbAFboa1jKLQ
9g2QBwoSxN5PhqdjcZ2Lbj9y9H2K/yZRjAKBV4TgsJkt+js1Kw==

• 2048 bit

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 24 seconds)

sw#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtc5De4fxJeI0eIJbRJD9Px8ieiSHTLcGnmoy0e82k
Bg1E7pZkq3e5VuSKxXZURrum2eu7QPOIWItG9Y4llge2Sdqo/PKFHttal2H5rrs6RdsSHWB37ELxdUhR
Jz6QRe7DLrpZVx7lU75XUWn20/vjEh5+meABqTWgrJdcwNf0C5tb6PTJmlTw+eTbDrUXUwVJdD29LB7Y
oHt8G2pRRvS5qRbNEjSG7tjsJztB9bC86O1+PtAxkCc4yIWwdygkrpkI7MLzZF1Qy8SGDaUcvHNSeFCa
4o2PXpL7nmmyQjoXAfUZQiRcsa4PzqP2TkQG93spa5bUrSocvjgR18v3/Aj5

• 4096 bit

How many bits in the modulus [512]: 4096
% Generating 4096 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 341 seconds)

sw#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCySX075zZPCZXQ17HY+eYUFtG9QvjlNEXAweOmvSOm
MZISWLAOKKSHr2IuFCM85Ga1rCo4NxCk0vXsHZSPBsaq8eWP+KDj9PJMXneAdDd5p6cA3nU6shEOI5Am
ICgxYA8YKUZzwwI0fov1qaOMN5vKCzi+MVmDfOac1jsQa/NIW3aZ9/CGzE3HS+UTsBWmIYQEuljQLvAD
uSmrQWorIcLX9pd6tNbNdAj93TqeOGyDLK0aKJ11jzQyw/+nMkXUxJ3fL/S8tBnKPayMPv+fwH1aBZJm
SmzsFrWlo0v5f72YMGYapMFgX3D2ownmJk2sKn6ZKEsm3fzP9i7TIFKBpuqXTlpKL+35mEtvZpISHO97
iZwK9wHZQnoW1wwjltQI+qJ5jccNFSgLah2PmdZx17nPXfR39+HBJrKvx6Fr7sKFWsWGKrIIXmWGFYiA
tnQ+g6IC6g8dopNIustiasZ9Ka3VJ8lyKLk4IRip4YygHyD6fD+X68Gm+4+6bQieB8vjDHx7MBsecqyM
bUrY4bNwF7RLzTWPxI3hLpTkaTCFwantsrr2Ni5dSI5q6T+fo9KLxuOvyE9fRa3/1sAZv7OnmnCFPRwa
do2PJ1/bUVF6jpq23VCIzVVsKTuSXqry3mY+JDW7dSeLj1Ae+O3R/kv1eDNKo+nWGK6kba6yaRZos69U

• Cisco Catalyst 2960S IOS Update (Part 1) (ダウンロード, バックアップ)
• Cisco Catalyst 2960S IOS Update (Part 2) (12.2 系 -> 15.2 系)
• Cisco Catalyst 2960S IOS Update (Part 3) (15.0 系 -> 15.2 系)
• Cisco Catalyst 2960S IOS Update (Part 4) (設定初期化)
• Cisco Catalyst 2960S - interface range
• Cisco Catalyst 2960S - crypto key generate rsa
• Cisco Catalyst 2960S - crypto key generate rsa modulus
• Cisco Catalyst 2960S - ip device tracking (Part 1)
• Cisco Catalyst 2960S - ip device tracking (Part 2)