Hi All,
So my layer 2 network is about 300 Cisco 2960 switches and 400 Cisco autonomous AP's.
Part of my standard rollout is to enable ssh with 2048 modulus ---> crypto key gen rsa mod 2048
After that, I check the key --> show crypto key mypubkey rsa.
What comes up is the 2048 key I created, but also a 512 key and a 768 key.
If I crypto key zeroize rsa then recreate the 2048 modulus key, then show crypto key mypubkey rsa, THEN it shows me only the 2048 modulus key.
Question: Why are the 512 and 768 keys present when I created a 2048 key? And more importantly, which of the three keys is used when the device is SSH'd to? If the 512 and 768 keys will never be used, then I'm good. But if there is a chance they will, I'm going to have to go through all 700 devices manually, zeroize the RSA's, then recreate them as 2048's.
No comments:
Post a Comment