Ssh Host Keys - Cisco ASR 5000 Series Administration Manual

SSH Host Keys

The v1-rsa keyword has been removed from the Exec mode show ssh key CLI command.
SSH Host Keys
SSH key-based authentication uses two keys, one "public" key that anyone is allowed to see, and another
"private" key that only the owner is allowed to see. You create a key pair, securely store the private key on
the device you want to log in from, and store the public key on the system (ASR 5500) that you wish to log
into.
SSH host keys are generated within a specified StarOS context. The context is associated with a user interface.
You set or remove an administrative user name having authorized keys for access to the sshd server associated
with context.
Setting SSH Key Size
The Global Configuration mode ssh key-size CLI command configures the key size for SSH key generation
for all contexts (RSA host key only).
Step 1 Enter the Global Configuration mode.
host_name
[local]
host_name
[local]
Step 2 Specify the bit size for SSH keys.
host_name
[local]
The default bit size for SSH keys is 2048 bits.
Configuring SSH Key Generation Wait Time
SSH keys can only be generated after a configurable time interval has expired since the last key generation.
The ssh key-gen wait-time command specifies this wait time in seconds. The default interval is 300 seconds
(5 minutes).
Step 1 Enter the context configuration mode.
host_name
[local]
[local]host_name(config-ctx)#
Step 2 Specify the wait time interval.
host_name
[local]
host_name
[local]
Notes:
• seconds is specified as an integer from 0 through 86400. Default = 300
ASR 5500 System Administration Guide, StarOS Release 21.4
30
configure
#
(config)#
ssh key-size { 2048 | 3072 | 4096 | 5120 | 6144 | 7168 | 9216 }
(config)#
context context_name
(config)#
ssh key-gen wait-time seconds
(config-ctx)#
(config-ctx)#
Getting Started