Why is domain-name needed for generating SSH keys?
One needs to define domain-name before it's possible to generate SSH keys:

sw1(config)#crypto key generate rsa
% Please define a domain-name first.
sw1(config)#ip domain-name test.net
sw1(config)#crypto key generate rsa
The name for the keys will be: sw1.test.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:

Why is domain-name required? Is the domain-name used in key generation?
Comments
I'm guessing it's just a way to track the keys within the file system, if you look at the below output:
If you were to cat the public key it would also probably have the hostname + domain name as metadata.
OK, I understand now. ssh-keygen supports similar functionality:
Result looks like this:
I see it only as a label. Without knowing how the specific vendor did it, I would not know.
The formula for "RSA" for example, is designed for using numbers as input. Whether or not a vendor translates this into part of what determines a pseudo random number, for example, I dunno.
The reason I only think it's a label for the key (so you can keep track of it).
Look at this command:
crypto key pubkey-chain rsa
That command allows you to make your own keys, from the CLI. One command is required to label the key in some way, with either an IP address, or a name.
Internet Key Exchange Security Protocol Commands [Support] - Cisco Systems
If you look here, you can see it says either specify a label, or it uses the domain name:
Internet Key Exchange Security Protocol Commands [Support] - Cisco Systems
Keep in mind the disclaimer that I don't know how Cisco has implemented the algorithm, so if there is somewhere they use it for seed data, then cool, it matters. Otherwise, it's just a label.
LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
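The thread compares the Cisco key name to the comment that ssh-keygen stores with a key. As an added example (not from any poster, and not Cisco's implementation), this Python sketch parses OpenSSH-style public-key lines and shows that the comment sits outside the key blob, so relabeling a key leaves its SHA256 fingerprint unchanged. The exponent and modulus are constructed toy numbers, and the helper names are hypothetical.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string from the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """Positive mpint; the byte count leaves the sign bit clear."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def public_key_line(e: int, n: int, comment: str) -> str:
    """Build an 'ssh-rsa <base64 blob> <comment>' line as found in a .pub file."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def parse_line(line: str):
    """Split a public-key line into (key type, raw blob, comment)."""
    key_type, b64, *rest = line.split(None, 2)
    blob = base64.b64decode(b64, validate=True)
    # The blob carries its own copy of the key type; the two must agree.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match blob")
    return key_type, blob, rest[0].strip() if rest else ""

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the style of `ssh-keygen -l` (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed toy numbers, not a real or usable RSA key.
E, N = 65537, (1 << 511) | 0xC0FFEE1

def relabel(line: str, new_comment: str) -> str:
    """Change only the trailing comment, leaving the key blob untouched."""
    key_type, b64, *_ = line.split(None, 2)
    return f"{key_type} {b64} {new_comment}"

if __name__ == "__main__":
    original = public_key_line(E, N, "sw1.test.net")
    for line in (original, relabel(original, "renamed label")):
        _, blob, comment = parse_line(line)
        print(f"{comment!r:18} {fingerprint(blob)}")
```

Only the type string, exponent and modulus are hashed into the fingerprint; the label travels next to the key as plain text.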