Cisco Cisco Packet Data Gateway (PDG) Guida All'Installazione
Initial System Configuration
Configuring SSH Options ▀
ASR 5500 Installation Guide ▄
127
Configuring SSH Options
SSHv2 RSA is the only version of SSH supported under StarOS. Keywords previously supported for SSHv1 RSA and
SSHv2 DSA have been removed from or concealed within the StarOS CLI.
SSHv2 DSA have been removed from or concealed within the StarOS CLI.
Important:
A keyword that was supported in a previous release may be concealed in subsequent releases. StarOS
continues to parse concealed keywords in existing scripts and configuration files created in a previous release. But the
concealed keyword no longer appears in the command syntax for use in new scripts or configuration files. Entering a
question mark (?) will not display a concealed keyword as part of the Help text. Removed keywords generate an error
message when parsed.
concealed keyword no longer appears in the command syntax for use in new scripts or configuration files. Entering a
question mark (?) will not display a concealed keyword as part of the Help text. Removed keywords generate an error
message when parsed.
Version 1 of the SSH protocol is now obsolete due to security vulnerabilities. The v1-rsa keyword has been removed
for the Context Configuration mode ssh command. Running a script or configuration that uses the SSHv1-RSA key
returns an error message and generates an event log. The output of the error message is shown below:
for the Context Configuration mode ssh command. Running a script or configuration that uses the SSHv1-RSA key
returns an error message and generates an event log. The output of the error message is shown below:
CLI print failure Failure: SSH V1 contains multiple structural vulnerabilities
and is no longer considered secure. Therefore we don't support v1-rsa SSH key any
longer, please generate a new v2-rsa key to replace this old one.
and is no longer considered secure. Therefore we don't support v1-rsa SSH key any
longer, please generate a new v2-rsa key to replace this old one.
If the system boots from a configuration that contains the v1-rsa key, you can expect a boot failure when logging in
through SSH. The workaround is to log in via the Console port, re-generate a new ssh v2-rsa key, and configure server
sshd. It will then be possible to log in via ssh.
through SSH. The workaround is to log in via the Console port, re-generate a new ssh v2-rsa key, and configure server
sshd. It will then be possible to log in via ssh.
The v2-dsa keyword is now concealed for the Context Configuration mode ssh command
The v1-rsa keyword has been removed from the Exec mode show ssh key CLI command.
SSH Keys
Setting SSH Key Size
The Global Configuration mode ssh key-size CLI command configures the key size for SSH key generation for all
contexts (RSA host key only).
contexts (RSA host key only).
Step 1
Enter the Global Configuration mode.
[local]host_name# configure
[local]host_name(config)#
[local]host_name(config)#
Step 2
Specify the bit size for SSH keys.
[local]host_name(config)# ssh key-size { 2048 | 3072 | 4096 | 5120 | 6144 | 7168
| 9216 }
| 9216 }
The default bit size for SSH keys is 2048 bits.