Crypto Key SSH

control Member Posts: 309
Do you have to set the domain name in a router to generate a key for SSH? I've read that this is only required if you don't want to name the key yourself.

I'm guessing for the CCNA exam I should be sticking with setting the domain name?

Also gets me thinking that if it is done via domain name, wouldn't this increase the chances of the key being cracked, if the name is known?

Comments

  • MAC_Addy Member Posts: 1,740
    In answer to your first question, yes you do.

    If you're just labbing you can put in test.com, it doesn't have to link to an actual domain name.
    2017 Certification Goals:
    CCNP R/S
  • control Member Posts: 309
    I was reading about advanced SSH settings and apparently you can use the following syntax without a hostname / domain name.

    crypto key generate rsa general-keys label xxxxxxxxx


    Is this for something different?
  • lrb Member Posts: 526
    If you have key labels set when you generate the keys you can have multiple key pairs. Instead of the key name being hostname.domain-name the keys will be referenced by their key labels that you provide when generating them.
    control wrote: »
    I was reading about advanced SSH settings and apparently you can use the following syntax without a hostname / domain name.

    crypto key generate rsa general-keys label xxxxxxxxx


    Is this for something different?

    Crap, I only glazed over this post, and yes, this is exactly what you need to specify (other than the general-keys bit, that only specifies that the same key pair is used for encrypting and signing (reducing the security of the keys more so than if you used a different set of keys for doing each function independently)).
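
The two ways of naming the RSA key pair discussed in this thread, side by side, as an added example that is not part of the original posts. The hostname `R1`, the label `SSH-KEY` and the 2048-bit modulus are assumptions chosen for illustration; `test.com` is the lab domain suggested above.

```cisco
! Added example, not from the thread. R1, SSH-KEY and modulus 2048 are assumed values.
!
configure terminal
 !
 ! Option 1: no label. IOS names the key pair hostname.domain-name,
 ! so both values have to be configured before the key is generated.
 hostname R1
 ip domain-name test.com
 crypto key generate rsa modulus 2048
 ! resulting key pair name: R1.test.com
 !
 ! Option 2: labelled key pair. The name comes from the label you supply,
 ! and several key pairs can exist side by side under different labels.
 crypto key generate rsa general-keys label SSH-KEY modulus 2048
 !
 ! Bind the SSH server to the labelled key pair instead of the default one.
 ip ssh rsa keypair-name SSH-KEY
 ip ssh version 2
end
!
! In both options the name is only an identifier for the key pair in the
! configuration. The key material is generated randomly and is not derived
! from the hostname, domain name or label.
!
! Verify which key pairs exist and which one SSH is using.
show crypto key mypubkey rsa
show ip ssh
```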