Crypto Key SSH
control
Member Posts: 309
in CCNA & CCENT
Do you have to set the domain name in a router to generate a key for SSH? I've read that this is only required if you don't want to name the key yourself.
I'm guessing for the CCNA exam I should be sticking with setting the domain name?
Also gets me thinking that if it is done via domain name, wouldn't this increase the chances of the key being cracked, if the name is known?
I'm guessing for the CCNA exam I should be sticking with setting the domain name?
Also gets me thinking that if it is done via domain name, wouldn't this increase the chances of the key being cracked, if the name is known?
Comments
-
MAC_Addy Member Posts: 1,740 ■■■■□□□□□□In answer to your first question, yes you do.
If you're just labbing you can put in test.com, it doesn't have to link to an actual domain name.2017 Certification Goals:
CCNP R/S -
control Member Posts: 309I was reading about advanced SSH settings and apparently you can use the following syntax without a hostname / domain name.
crypto key generate rsa general-keys label xxxxxxxxx
is this for something different? -
lrb Member Posts: 526If you have key labels set when you generate the keys you can have multiple key pairs. Instead of the key name being hostname.domain-name the keys will be referenced by their key labels that you provide when generating them.I was reading about advanced SSH settings and apparently you can use the following syntax without a hostname / domain name.
crypto key generate rsa general-keys label xxxxxxxxx
is this for something different?
Crap I only glazed over this post and yes this is exactly what you need to specify (other than the general-keys bit, that only specifies that the same key pair is used for encrypting and signing (reducing the security of the keys more so than if you used a different set of keys for doing each function independantly)).