Friday, October 3, 2025

Configure SSH Key in Cisco Nexus Switch

Here's a Cisco link to properly configure SSH in a Cisco Nexus switch. The Nexus switch uses a 1024-bit SSH/RSA key by default. The correct way to configure a stronger SSH key on a Cisco Nexus switch is the ssh key rsa 2048 command. However, you can only do this in a new Nexus switch.

To reconfigure the SSH key, you'll need to disable the SSH feature first. If you're doing this remotely or without console access, it's advisable to temporarily enable Telnet for remote access.

Nexus# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Nexus(config)# feature telnet

Open a new Telnet session to the Nexus switch, disable SSH, generate a new RSA key, re-enable SSH and disable Telnet.

Nexus# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Nexus(config)# no feature ssh

XML interface to system may become unavailable since ssh is disabled

Nexus(config)# no ssh key

Nexus(config)# ssh key rsa 2048 force

generating rsa key(2048 bits).....

..

generated rsa key

Nexus(config)# feature ssh

Nexus(config)# no feature telnet

Couldn't disable telnet: Current user is logged in though telnet  // OPEN A NEW SSH SESSION

Open a new SSH session to the Nexus switch to disable Telnet.

Nexus# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Nexus(config)# no feature telnet

Nexus# copy run start

[########################################] 100%

Copy complete.

 

Nexus# show ssh server

ssh version 2 is enabled    // SSH VERSION 2 ENABLED BY DEFAULT

 

Nexus# show ssh key

**************************************

rsa Keys generated:Fri Sep 19 07:20:22 2025

 

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfzzzzz

 

bitcount:2048

fingerprint:

b1:36:76:0f:e7:fe:79:2f:ee:e3:77:da:3c:1234:56

**************************************

could not retrieve dsa key information

bitcount: 0

**************************************
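
An added example (not from the original post or from Cisco) that cross-checks the bitcount reported by show ssh key against the modulus length encoded in the ssh-rsa blob itself, which works even when the blob is truncated as it is above. The function names and the embedded sample text are constructed for this illustration.

```python
import base64
import re
import struct

# Constructed sample in the layout of the `show ssh key` output above
# (the key blob is truncated on the page; only its header is needed).
SAMPLE = """\
**************************************
rsa Keys generated:Fri Sep 19 07:20:22 2025
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfzzzzz
bitcount:2048
fingerprint:
b1:36:76:0f:e7:fe:79:2f:ee:e3:77:da:3c:1234:56
**************************************
could not retrieve dsa key information
bitcount: 0
**************************************
"""

def rsa_modulus_bits(blob_b64):
    """Bit length of n from an ssh-rsa blob (string 'ssh-rsa', mpint e, mpint n)."""
    raw = base64.b64decode(blob_b64[: len(blob_b64) // 4 * 4])  # drop ragged tail
    (name_len,) = struct.unpack_from(">I", raw, 0)
    if raw[4 : 4 + name_len] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key blob")
    off = 4 + name_len
    (e_len,) = struct.unpack_from(">I", raw, off)      # skip the public exponent
    off += 4 + e_len
    (n_len,) = struct.unpack_from(">I", raw, off)      # modulus length in bytes
    off += 4
    if raw[off] == 0:                                  # mpint sign-padding byte
        off, n_len = off + 1, n_len - 1
    return (n_len - 1) * 8 + raw[off].bit_length()

def audit_show_ssh_key(text, min_bits=2048):
    """Return (reported_bits, derived_bits, ok) for the RSA block of the output."""
    blocks = re.split(r"^\*+\s*$", text, flags=re.M)
    rsa = next(b for b in blocks if re.search(r"^ssh-rsa\s", b, re.M))
    reported = int(re.search(r"^bitcount:\s*(\d+)", rsa, re.M).group(1))
    derived = rsa_modulus_bits(re.search(r"^ssh-rsa\s+(\S+)", rsa, re.M).group(1))
    return reported, derived, reported == derived and derived >= min_bits

if __name__ == "__main__":
    print(audit_show_ssh_key(SAMPLE))
```

The third element is False when the key is shorter than min_bits or when the reported bitcount disagrees with the blob, so the same check can be run over saved output from switches that still carry the default key.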

 
