2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Use this command to generate RSA key pairs for your Cisco device.

RSA keys are generated in pairs--one public RSA key and one private RSA key.

Rationale:

An RSA key pair is a prerequisite for setting up SSH and should be at least 2048 bits.

NOTE: IOS does NOT display the modulus bit value in the Audit Procedure.

Impact:

Organizations should plan and implement enterprise network cryptography and generate appropriate RSA key pairs, with a 'modulus' greater than or equal to 2048.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Generate an RSA key pair for the router.

hostname(config)#crypto key generate rsa general-keys modulus 2048

Default Value:

RSA key pairs do not exist.
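
Because IOS does not print the modulus size, one way to confirm the 2048-bit minimum after generating the key is to decode the public key itself. The following is an added example, not part of the benchmark or the audit: it assumes the hex "Key Data:" layout printed by 'show crypto key mypubkey rsa', and the sample text, key name and function names are constructed for illustration.

```python
import re

def tlv(tag, content):  # DER encoder, used only to build the constructed sample
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + content

def sample_output(bits):
    """Constructed 'Key Data' text; the modulus is a placeholder, not a real key."""
    mod = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa = tlv(0x30, tlv(0x02, mod) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, bytes.fromhex("06092A864886F70D0101010500"))  # rsaEncryption, NULL
    h = tlv(0x30, alg + tlv(0x03, b"\x00" + rsa)).hex().upper()
    words = [h[i:i + 8] for i in range(0, len(h), 8)]
    rows = ["  " + " ".join(words[i:i + 8]) for i in range(0, len(words), 8)]
    return "Key name: constructed.example\n Key Data:\n" + "\n".join(rows) + "\n"

def read_tlv(buf, i, tag):
    """Check the tag at buf[i] and return (content_start, content_end)."""
    if buf[i] != tag:
        raise ValueError(f"expected DER tag {tag:#x} at offset {i}")
    length, i = buf[i + 1], i + 2
    if length >= 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, i = int.from_bytes(buf[i:i + count], "big"), i + count
    return i, i + length

def modulus_bits(show_output):
    """Bit length of the RSA modulus in the first 'Key Data' block."""
    _, found, body = show_output.partition("Key Data:")
    if not found:
        raise ValueError("no 'Key Data:' block found")
    rows = []
    for line in body.splitlines():
        if re.fullmatch(r"[0-9A-Fa-f ]+", line.strip()):
            rows.append(line)
        elif rows:
            break  # first non-hex line after the data ends the block
    der = bytes.fromhex("".join("".join(rows).split()))
    start, _ = read_tlv(der, 0, 0x30)                    # SubjectPublicKeyInfo
    _, alg_end = read_tlv(der, start, 0x30)              # AlgorithmIdentifier (skipped)
    bits_start, _ = read_tlv(der, alg_end, 0x03)         # BIT STRING
    rsa_start, _ = read_tlv(der, bits_start + 1, 0x30)   # skip unused-bits byte
    mod_start, mod_end = read_tlv(der, rsa_start, 0x02)  # INTEGER modulus
    return int.from_bytes(der[mod_start:mod_end], "big").bit_length()

def meets_benchmark(show_output, minimum=2048):
    return modulus_bits(show_output) >= minimum
```

Paste the device's own output into meets_benchmark() in place of the constructed sample; a result of False means the key pair should be regenerated with the command in the Solution.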

See Also

https://workbench.cisecurity.org/files/3762