Cisco Catalyst は SSH でのログインも可能ですが、enable する方法が独特です。
- aaa new-model
- crypto key generate rsa
今回は以下のバージョンでの結果を示します。
Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 52 WS-C2960S-48TS-L 15.2(1)E C2960S-UNIVERSALK9-M
設定前
sw#sh ip ssh SSH Disabled - version 2.0 %Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2). Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 1024 bits IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
version 2.0 は、事前に
sw(config)#ip ssh version 2
を実行していたために返されています。
crypto key generate rsa
sw(config)#crypto key generate rsa The name for the keys will be: sw.drive.ne.jp Choose the size of the key modulus in the range of 360 to 4096 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
すでに設定されている場合は、
sw(config)#crypto key generate rsa % You already have RSA keys defined named sw.drive.ne.jp. % Do you really want to replace them? [yes/no]: yes Choose the size of the key modulus in the range of 360 to 4096 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
yes とタイプして初めて先に進むことが出来ます。
モジュラスサイズによる実行時間とキーの変化
- 512 bit
How many bits in the modulus [512]: % Generating 512 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 1 seconds)
sw#sh ip ssh SSH Enabled - version 1.5 Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 1024 bits IOS Keys in SECSH format(ssh-rsa, base64 encoded): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDjwf6+GVqQdVSlRdda1GAYxOITkajv/BS6XsaEKrfW qqCHHGGs+NQcHocFp6YC8F3FnaJ+VCTKbEideKSyOwFT
- 1024 bit
How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 4 seconds)
sw#sh ip ssh SSH Enabled - version 1.99 Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 1024 bits IOS Keys in SECSH format(ssh-rsa, base64 encoded): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDpNBAfuz+u2CVQAsU4DZaMHjftQHxXo4DFE8Ukaohz Gp9U6ZO/j5XmhXYpwBOSvJb0Peve6Zd2t04rLKOxlEaWs9xA5iRLnjLt332nmzRgTJyjGbAFboa1jKLQ 9g2QBwoSxN5PhqdjcZ2Lbj9y9H2K/yZRjAKBV4TgsJkt+js1Kw==
- 2048 bit
How many bits in the modulus [512]: 2048 % Generating 2048 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 24 seconds)
sw#sh ip ssh SSH Enabled - version 1.99 Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 1024 bits IOS Keys in SECSH format(ssh-rsa, base64 encoded): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtc5De4fxJeI0eIJbRJD9Px8ieiSHTLcGnmoy0e82k Bg1E7pZkq3e5VuSKxXZURrum2eu7QPOIWItG9Y4llge2Sdqo/PKFHttal2H5rrs6RdsSHWB37ELxdUhR Jz6QRe7DLrpZVx7lU75XUWn20/vjEh5+meABqTWgrJdcwNf0C5tb6PTJmlTw+eTbDrUXUwVJdD29LB7Y oHt8G2pRRvS5qRbNEjSG7tjsJztB9bC86O1+PtAxkCc4yIWwdygkrpkI7MLzZF1Qy8SGDaUcvHNSeFCa 4o2PXpL7nmmyQjoXAfUZQiRcsa4PzqP2TkQG93spa5bUrSocvjgR18v3/Aj5
- 4096 bit
How many bits in the modulus [512]: 4096 % Generating 4096 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 341 seconds)
sw#sh ip ssh SSH Enabled - version 1.99 Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 1024 bits IOS Keys in SECSH format(ssh-rsa, base64 encoded): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCySX075zZPCZXQ17HY+eYUFtG9QvjlNEXAweOmvSOm MZISWLAOKKSHr2IuFCM85Ga1rCo4NxCk0vXsHZSPBsaq8eWP+KDj9PJMXneAdDd5p6cA3nU6shEOI5Am ICgxYA8YKUZzwwI0fov1qaOMN5vKCzi+MVmDfOac1jsQa/NIW3aZ9/CGzE3HS+UTsBWmIYQEuljQLvAD uSmrQWorIcLX9pd6tNbNdAj93TqeOGyDLK0aKJ11jzQyw/+nMkXUxJ3fL/S8tBnKPayMPv+fwH1aBZJm SmzsFrWlo0v5f72YMGYapMFgX3D2ownmJk2sKn6ZKEsm3fzP9i7TIFKBpuqXTlpKL+35mEtvZpISHO97 iZwK9wHZQnoW1wwjltQI+qJ5jccNFSgLah2PmdZx17nPXfR39+HBJrKvx6Fr7sKFWsWGKrIIXmWGFYiA tnQ+g6IC6g8dopNIustiasZ9Ka3VJ8lyKLk4IRip4YygHyD6fD+X68Gm+4+6bQieB8vjDHx7MBsecqyM bUrY4bNwF7RLzTWPxI3hLpTkaTCFwantsrr2Ni5dSI5q6T+fo9KLxuOvyE9fRa3/1sAZv7OnmnCFPRwa do2PJ1/bUVF6jpq23VCIzVVsKTuSXqry3mY+JDW7dSeLj1Ae+O3R/kv1eDNKo+nWGK6kba6yaRZos69U
- Cisco Catalyst 2960S IOS Update (Part 1) (ダウンロード, バックアップ)
- Cisco Catalyst 2960S IOS Update (Part 2) (12.2 系 -> 15.2 系)
- Cisco Catalyst 2960S IOS Update (Part 3) (15.0 系 -> 15.2 系)
- Cisco Catalyst 2960S IOS Update (Part 4) (設定初期化)
- Cisco Catalyst 2960S - interface range
- Cisco Catalyst 2960S - crypto key generate rsa
- Cisco Catalyst 2960S - crypto key generate rsa modulus
- Cisco Catalyst 2960S - ip device tracking (Part 1)
- Cisco Catalyst 2960S - ip device tracking (Part 2)
