Chapter 2 Enabling Remote Access to the ACE
Configuring SSH Management Sessions
Cisco 4700 Series Application Control Engine Appliance Administration Guide
OL-11157-01
The syntax of this command is:
ssh key {dsa | rsa | rsa1} [bits [force]]
The arguments, keywords, and options are:
• dsa—Generates the DSA key pair for the SSH version 2 protocol.
• rsa—Generates the RSA key pair for the SSH version 2 protocol.
• rsa1—Generates the RSA1 key pair for the SSH version 1 protocol.
• bits—(Optional) Specifies the number of bits for the key pair. For DSA, the range is from 768 to 2048. For RSA and RSA1, the range is from 768 to 4096. The greater the number of bits that you specify, the longer it takes to generate the key. The default is 768.
• force—(Optional) Forces the generation of a DSA or RSA key even when previous keys exist. If the SSH key pair option is already generated for the required version, use the force option to overwrite the previously generated key pair.
Before you generate the key, set the hostname and the domain name. These two settings are used in the key. See Chapter 1, Setting Up the ACE, for details on setting a hostname, and see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide for details on configuring a domain.
For example, to generate an RSA1 key pair in the Admin context, enter:
host1/Admin(config)# ssh key rsa1 1024
generating rsa1 key
.....
generated rsa1 key
To remove the SSH host key pair, enter:
host1/Admin(config)# no ssh key rsa1
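The following Python check is an added example, not part of the Cisco guide: it reviews ssh key command lines against the syntax, bit ranges and 768-bit default described above before they are entered on the appliance. The 2048-bit policy floor, the finding labels and the sample lines are assumptions made for this illustration.

```python
import re

# Ranges and default taken from the argument descriptions above.
BIT_RANGES = {"dsa": (768, 2048), "rsa": (768, 4096), "rsa1": (768, 4096)}
DEFAULT_BITS = 768
# Assumption: local policy floor for host keys; not a value from the guide.
POLICY_MIN_BITS = 2048

# Optional CLI prompt, then: ssh key {dsa | rsa | rsa1} [bits [force]]
SSH_KEY_RE = re.compile(
    r"^\s*(?:\S+#\s*)?ssh\s+key\s+(dsa|rsa1|rsa)(?:\s+(\d+)(?:\s+(force))?)?\s*$"
)


def review_ssh_key_command(line):
    """Return a review dict for one key-generation command, or None if the
    line is not one (for example the 'no ssh key' removal form)."""
    m = SSH_KEY_RE.match(line)
    if m is None:
        return None
    key_type, bits_text, force = m.groups()
    bits = int(bits_text) if bits_text else DEFAULT_BITS
    low, high = BIT_RANGES[key_type]
    findings = []
    if bits_text is None:
        findings.append("bits-omitted-default-768")
    if not low <= bits <= high:
        findings.append("bits-out-of-range")
    elif bits < POLICY_MIN_BITS:
        findings.append("below-policy-minimum")
    if key_type == "rsa1":
        findings.append("ssh-version-1-key")
    if force:
        findings.append("overwrites-existing-host-key")
    return {"type": key_type, "bits": bits, "findings": findings}


# Constructed sample lines, as they might appear in a change runbook.
SAMPLE_LINES = [
    "host1/Admin(config)# ssh key rsa1 1024",
    "ssh key rsa",
    "ssh key dsa 4096",
    "ssh key rsa 4096 force",
    "host1/Admin(config)# no ssh key rsa1",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(line, "->", review_ssh_key_command(line))
```

A forced regeneration replaces the host key, so SSH clients that stored the old public key will report a host key mismatch on their next connection.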
To clear the public keys of all trusted hosts, use the clear ssh hosts Exec command. These keys are either sent to an SSH client by an SSH server or are entered manually. When an SSH connection is made from the ACE, the SSH client receives the public key and stores it locally. To clear all these keys, use the clear ssh hosts command in Exec mode.