Creating SSH keys on a Cisco PIX (how retro!)

Today I was faced with replacing an old Cisco PIX 515 (not the 515E) with another equally old Cisco PIX 515, equipped with a mighty 32MB RAM and only capable of single DES. With its FOS 6.4 operating system compiled in 2004, this was a blast from the past. Of course, when I changed the hostname to reflect the new location of the device, the warning came up about the SSH keys being invalid. In order to SSH onto a PIX/ASA the device requires the following:

  • set the domain-name
  • set the hostname
  • allow incoming SSH with the ssh command
  • generate keys

No problem, but in the new parlance, the command for key generation is:

crypto key generate rsa modulus 1024

however in the ‘old’ days (pre FOS 7) it was:

ca zeroize rsa
ca generate rsa key 2048
ca save all
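
The four prerequisites above as one pre-7 configuration sequence, added here as an example and not taken from the original post. The hostname, domain name, management subnet, interface name and timeout are placeholder assumptions.

```cisco
: Constructed example for PIX 6.x; names and addresses are placeholders
: Set the identity first, because the RSA key pair is tied to hostname + domain-name
hostname pix-newsite
domain-name example.com
: Discard the key pair generated under the old hostname
ca zeroize rsa
: Generate a new key pair for the new name
ca generate rsa key 2048
: Write the key pair to flash so it survives a reload
ca save all
: Permit SSH only from the management subnet on the inside interface
ssh 192.0.2.0 255.255.255.0 inside
: Drop idle SSH sessions after 5 minutes
ssh timeout 5
: Confirm the public key now carries the new name
show ca mypubkey rsa
```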

Oh how I miss those days, no auto complete, no hair-pinning, no SSL VPN, etc, etc.
