You should change to a more powerful terminal like SecureCRT or use only a size of 2048 Bit which is still very secure.
If you are using Putty in the actual version (0.63 at the time of writing), this is more then Putty can handle. For my setups (with MacOS and Linux clients) I configure a bitlength of 4096 Bit. By default this is done with 768 Bit, which is not state-of-the-art any more. When the SSH-session is established, the session-keys are computed with the Diffie-Hellmann key exchange protocol. The RSA-Keypair is assigned to the SSH-config: And it typically doesn't hurt to have better crypto then the others.Ĭrypto key generate rsa label SSH-KEY modulus 4096 But by far not that slow that it's unusable. Thats more then recommended on sites like and makes the session-setup a little slower. The default-keylength ist typically too small, it's time to move to a stronger crypto.
In this command we use a dedicated label "SSH-KEY" which we later assign to the SSH-config.
It always starts with the generation of a public/private keypair that will be only used for the SSH-process. The client-side part of this document can also be used for checking the settings on a Linux-system. This document shows how to set up SSH on IOS and ASA for advanced session-security and how to configure an Apple Mac with OS X to only negotiate secure crypto. But many of them propose settings that are not adequate any more. There are countless recommendations for the configuration of SSH on Cisco devices available.
0 kommentar(er)
