Generating the SSH Server Key Pair - Cisco MDS 9000 Series Configuration Manual

Generating the SSH Server Key Pair

Starting from Cisco MDS NX-OS Release 8.2(1), SHA2 fingerprint hashing is supported on all Cisco MDS
devices by default.
For more information about configuring SSH services, see Configuring SSH Services, on page 155.
Be sure to have an SSH server key pair with the appropriate version before enabling the SSH service. Generate
the SSH server key pair according to the SSH client version used. The number of bits specified for each key
pair ranges from 768 to 2048.
Starting from Cisco MDS NX-OS Release 8.2(1), the minimum RSA key size in FIPS mode should be 2048
bits.
The SSH service accepts two types of key pairs for use by SSH version 2.
• The dsa option generates the DSA key pair for the SSH version 2 protocol.
• The rsa option generates the RSA key pair for the SSH version 2 protocol.
Caution
If you delete all of the SSH keys, you cannot start a new SSH session.
To generate the SSH server key pair, follow these steps:
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# ssh key dsa 1024
Example:
generating dsa key.....
generated dsa key
Generates the DSA server key pair.
Step 3
switch(config)# ssh key rsa 1024
Example:
generating rsa key.....
generated rsa key
Generates the RSA server key pair.
Step 4
switch(config)# no ssh key rsa 1024
Example:
cleared RSA keys
Clears the RSA server key pair configuration.
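To check a generated key against the sizes discussed above, the following added example (not part of the Cisco guide) parses an OpenSSH-format public key line, reports the key size and the SHA-256 fingerprint, and flags RSA keys below the 2048-bit FIPS-mode minimum. The function names and the sample key are constructed for illustration; the input format (key type followed by the base64 key blob) is an assumption about how the switch's public host key was exported.

```python
import base64
import hashlib
import struct

FIPS_MIN_RSA_BITS = 2048  # FIPS-mode RSA minimum stated in the text above


def _read_string(blob, offset):
    """Read one RFC 4251 string: 4-byte big-endian length, then the bytes."""
    end = offset + 4
    if end > len(blob):
        raise ValueError("truncated key blob")
    end += struct.unpack(">I", blob[offset:end])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def audit_host_key(pubkey_line):
    """Return (key_type, bits, sha256_fingerprint, fips_ok) for one key line."""
    label, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, off = _read_string(blob, 0)
    if name.decode("ascii") != label:
        raise ValueError("key type label does not match key blob")
    if label == "ssh-rsa":      # blob: name, mpint e, mpint n
        _e, off = _read_string(blob, off)
        size_field, off = _read_string(blob, off)
    elif label == "ssh-dss":    # blob: name, mpint p, q, g, y
        size_field, off = _read_string(blob, off)
    else:
        raise ValueError("unsupported key type: " + label)
    bits = int.from_bytes(size_field, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    # The page gives a FIPS minimum only for RSA, so DSA keys get None here.
    fips_ok = bits >= FIPS_MIN_RSA_BITS if label == "ssh-rsa" else None
    return label, bits, fingerprint, fips_ok


def sample_rsa_line(bits):
    """Constructed sample input: an odd number of `bits` bits, not a usable key."""
    def mpint(v):  # RFC 4251 mpint: big-endian, extra zero byte when top bit is set
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```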
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x