Configuring IOS devices for SSH using Public/Private RSA keys in Windows | (CCIE Notes)

Configuration on the IOS router:

hostname R1
ip domain-name
crypto key generate rsa general-keys label SSH-KEYS exportable modulus 1024
crypto key encrypt write rsa name SSH-KEYS passphrase cisco123
ip ssh version 2
ip ssh rsa keypair-name SSH-KEYS
ip ssh pubkey-chain 
 username admin

– The RSA key is configured as exportable so you can copy and save it to a secure location for future use.
– The ‘key-string’ used under the username ‘admin’ is the public key of the users PC.

Generating public keys on a Windows host machine:

Note: I have used SecureCRT to generate the key pair. You can also use puttygen to achieve the same.

1.  Quick Connect to the IOS router, select PublicKey for authentication and click on Properties…

Quick Connect

2. Click on Create Identity File…Create Identity File

3. Click NextClick Next

4. Select RSA from the drop down menuSelect RSA keys

5. Enter a Passphrase to encrypt the Private key. This is not required but recommended. Also the comment can either be ignored or you can put anything in there.

Encrypt Private Key

6. Specify the key length

Key Length

7. Move your cursor in the blank space of the window to generate random input which will be used during key generation.

Random input for key generation

8. You cannot change the location of the public key, but you specify where you want to save the private key. Default location for public and private key (Windows XP);

C:\Documents and Settings\Administrator\Application Data\VanDyke\Identity
C:\Documents and Settings\Administrator\Application Data\VanDyke\

Key location

9. Say ‘No’ to upload the key to the router.

Decline the key upload

10. Open the Public key

Original file

11. Add ssh-rsa to the encrypted string as shown below and copy the selected text.

Add ssh-rsa to the encrypted string

12. Paste the key-string as shown below;

Paste the key-string

13. Click on Connect in the Quick Connect window

Connect to the IOS router

14. You have now successfully authenticated to the IOS router using RSA keys. Make sure you have saved the session so you won’t be prompted for an authentication again.

Successfully SSHed to the IOS router using RSA keys

Bookmark to follow my CCIE Security v4 journey –>

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s