Here's a Cisco link to properly configure SSH on a Cisco Nexus switch. The Nexus switch uses a default 1024-bit SSH/RSA key. The correct way to configure a stronger SSH key on a Cisco Nexus switch is the ssh key rsa 2048 command. However, you can only do this in a new Nexus switch.
To reconfigure a new SSH key, you'll need to disable the SSH feature first. If you're doing this remotely or without console access, it's advisable to enable Telnet for remote access. Telnet is unencrypted, so it is enabled only for the duration of the change and disabled again at the end.
Nexus# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Nexus(config)# feature telnet
Open a new Telnet session to the Nexus switch, disable SSH, generate a new RSA key, re-enable SSH and disable Telnet.
Nexus# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Nexus(config)# no feature ssh
XML interface to system may become unavailable since ssh is disabled
Nexus(config)# no ssh key
Nexus(config)# ssh key rsa 2048 force
generating rsa key(2048 bits).....
..
generated rsa key
Nexus(config)# feature ssh
Nexus(config)# no feature telnet
Couldn't disable telnet: Current user is logged in though telnet // OPEN A NEW SSH SESSION
Open a new SSH session to the Nexus switch to disable Telnet.
Nexus# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Nexus(config)# no feature telnet
Nexus# copy run start
[########################################] 100%
Copy complete.
Nexus# show ssh server
ssh version 2 is enabled // SSH VERSION 2 ENABLED BY DEFAULT
Nexus# show ssh key
**************************************
rsa Keys generated:Fri Sep 19 07:20:22 2025
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfzzzzz
bitcount:2048
fingerprint:
b1:36:76:0f:e7:fe:79:2f:ee:e3:77:da:3c:1234:56
**************************************
could not retrieve dsa key information
bitcount: 0
**************************************
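To check the result across several switches, the "show ssh key" output above can be saved to text and parsed for the RSA bitcount. The script below is an added example, not part of the original post or any Cisco tooling; the function names and the sample output are constructed for illustration.

```python
import re

MIN_RSA_BITS = 2048  # size set by "ssh key rsa 2048" in the post

# Constructed sample in the layout of the "show ssh key" output above.
# Key material and fingerprint are placeholders, not real values.
SAMPLE_WEAK = """\
**************************************
rsa Keys generated:Mon Jan 01 00:00:00 2024
ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER
bitcount:1024
fingerprint:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
**************************************
could not retrieve dsa key information
bitcount: 0
**************************************
"""

# A section starts with either a "generated" line or a "could not retrieve" line.
HEADER = re.compile(
    r"(?:(\w+) Keys generated:|could not retrieve (\w+) key information)")

def parse_show_ssh_key(text):
    """Return {key_type: bitcount} for each section of the output."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = (m.group(1) or m.group(2)).lower()
            continue
        m = re.match(r"bitcount:\s*(\d+)", line)
        if m and current:
            keys[current] = int(m.group(1))
            current = None  # one bitcount per section
    return keys

def audit(text, min_bits=MIN_RSA_BITS):
    """Return a list of findings; an empty list means the RSA key passes."""
    rsa = parse_show_ssh_key(text).get("rsa", 0)
    if rsa == 0:
        return ["no RSA host key present"]
    if rsa < min_bits:
        return [f"RSA host key is {rsa} bits, below {min_bits}"]
    return []

if __name__ == "__main__":
    print(audit(SAMPLE_WEAK))
```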