Today I was faced with replacing an old Cisco PIX 515 (not the 515E) with another equally old Cisco PIX 515, equipped with a mighty 32MB RAM and only capable of single DES. With its FOS 6.4 operating system compiled in 2004, this was a blast from the past. Of course, when I changed the hostname to reflect the new location of the device, the warning came up about the SSH keys being invalid. In order to SSH onto a PIX/ASA the device requires the following:
- set the domain-name
- set the hostname
- allow incoming SSH with the ssh command
- generate keys
No problem, but in the new parlance, the command for key generation is:
crypto key generate rsa modulus 1024
however in the ‘old’ days (pre FOS 7) it was:
ca zeroize rsa
ca generate rsa key 2048
ca save all
Oh how I miss those days, no auto complete, no hair-pinning, no SSL VPN, etc, etc.
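The four requirements listed above, put in the order they need to be entered on each generation of the software. This is an added example, not configuration from the original post: the hostname, domain name and management subnet are constructed placeholders. The names are set before the keys are generated because the key pair is tied to the device's hostname and domain name, which is why renaming the device triggers the invalid-key warning.

```text
: --- Pre-7 (FOS 6.x) syntax ---
: placeholder names and subnet, replace with your own
hostname pix-site2
domain-name example.com
: discard the key pair that belonged to the old hostname
ca zeroize rsa
ca generate rsa key 2048
: write the new key pair to flash
ca save all
: allow SSH only from the management subnet on the inside interface
ssh 192.0.2.0 255.255.255.0 inside
write memory

: --- 7.x and later (PIX/ASA) syntax ---
hostname pix-site2
domain-name example.com
crypto key generate rsa modulus 1024
ssh 192.0.2.0 255.255.255.0 inside
write memory
```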