InformationGenerates an RSA key pair used by SSH protocol of at least 2048 bits
Secure Shell (SSH) is a secure remote-login protocol. The ASA allows SSH connections to the ASA for management purposes and supports the SSH DES and 3DES ciphers. SSH uses a key-exchange method based on Rivest-Shamir-Adleman (RSA) public-key. Since RSA 1024-bit keys are likely to become crackable, it is recommended to have RSA keys of at least 2048 bits.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
SolutionStep 1: Acquire the enterprise standard RSA key size greater or equal than 2048 bits
Step 2: If the audit procedure revealed existing non-compliant key pairs, run the following to remove them:
hostname(config)#crypto key zeroize rsa
Step 3: Run the following to generate compliant RSA key pair:
hostname(config)# crypto key generate rsa modulus <enterprise_RSA_key_size>
Step 4: Run the following to save the RSA keys to persistent Flash memory