Information
SSH sessions are encrypted using a key unique to the host (in this case the NX-OS switch). It is recommended that this key be 2048 bytes long or longer.
While attacking encryption algorithms is not practical for commodity malware, it definitely is possible. As remediation is so easily done it is definitely recommended.
Solution
Again, this must be implemented using an out-of-band (ie - not ssh) method.
switch(config)# no feature ssh
switch(config)# ssh key rsa 2048 force
switch(config)# feature ssh
Impact:
Implementing this feature requires the deletion of the existing (default) ssh keys, which are 1024 bytes in length.This means that this change must be implemented using some other access method, such as using the console port or a temporary telnet session (be sure to disable telnet after remediation if this method is used)