11-02-2022 06:09 AM
I've configured "crypto key gen" which generates a 1024 DSA key but when I putty/ssh in, I get this warning: The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
Should I go with "crypto key gen rsa 2048" or something similar?
Thanks.
11-02-2022 06:40 AM
The warning level is generally a client-side configuration option.
With regard to better key gen options:
* What you mentioned:
SSH@ICX(config)#crypto key gen rsa modulus 2048
and/or
SSH@ICX(config)#crypto key generate ec size 384
There is more information about encryption methods in 'show ip ssh config'. Supported methods change a bit from code to code. Our security guide is a good place to look. Here is the 8095 version, but you can find the same document for whatever code you are running:
From mentioned page > Home > RUCKUS ICX Switches > Pick code train on left side > Security guide for SSH items
Hope that helps!
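Added example (not part of the original thread, and not RUCKUS or PuTTY code): the warning in the question names a key-exchange algorithm, which the server advertises in the kex_algorithms name-list of its SSH_MSG_KEXINIT message (RFC 4253), a separate field from the host key types. The sketch below parses that message and applies a client-side warning line to the negotiated key exchange. The client preference list, the threshold index and both server offers are constructed assumptions, not values taken from an ICX switch.

```python
import struct

# The ten name-lists of an SSH_MSG_KEXINIT payload, in wire order (RFC 4253, 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its name-lists, rejecting truncated input."""
    if len(payload) < 17 or payload[0] != 20:      # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}                            # skip type byte + 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated inside " + field)
        raw = payload[pos:pos + size].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += size
    return lists

def negotiated_kex(client_prefs, warn_from, server_kex):
    """Return (algorithm, warn): first client preference the server also offers,
    and whether its rank is at or past the client's warning line (simplified)."""
    for rank, alg in enumerate(client_prefs):
        if alg in server_kex:
            return alg, rank >= warn_from
    return None, False

def build_kexinit(lists: dict) -> bytes:
    """Build a payload for the demo (constructed data, zeroed cookie)."""
    names = (",".join(lists.get(f, [])).encode("ascii") for f in FIELDS)
    body = b"".join(struct.pack(">I", len(n)) + n for n in names)
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

# Hypothetical client policy: warn from index 2 (group1-sha1) downward.
CLIENT_KEX = ["curve25519-sha256", "diffie-hellman-group14-sha256", "diffie-hellman-group1-sha1"]
# Constructed server offers, not captured from a real switch.
OLD_OFFER = build_kexinit({"kex_algorithms": ["diffie-hellman-group1-sha1"],
                           "server_host_key_algorithms": ["ssh-dss"]})
NEW_OFFER = build_kexinit({"kex_algorithms": CLIENT_KEX[1:],
                           "server_host_key_algorithms": ["rsa-sha2-256"]})

if __name__ == "__main__":
    for payload in (OLD_OFFER, NEW_OFFER):
        offer = parse_kexinit(payload)
        print(offer["server_host_key_algorithms"], negotiated_kex(CLIENT_KEX, 2, offer["kex_algorithms"]))
```

On a live device, compare the key-exchange methods listed by 'show ip ssh config' with the client's own preference order to see which algorithm would be chosen.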