Comments on: Configuring SSH (Secure Shell) on a Cisco device

By: Mitesh

Mitesh — Thu, 26 Apr 2012 07:08:16 +0000

HI Jay ,

Thanks for your reply ..
Putty save the router’s public key but what about client’s public key ( putty’s public key ) which needs to be send to the router , that isn’t configured anywhere ..?or both of them uses the same public key ? As in i am thinking from IPSEC VPN method of communication. Is it the same way communication happens with ssh or they use some sort of digital certificates .Kindly help….

By: Jay

Jay — Wed, 25 Apr 2012 13:19:46 +0000

In reply to Mitesh.

Hi Mitesh,

The encryption algorithm used for SSH depends on the version of SSH that is been used.

Version 1 supports: DES and 3DES (for example, there are others)
Version 2 supports 3DES but does not support DES as it’s no longer considered secure enough for management sessions. (There are other algorithms supported as well).

As for the keys, when you generate the keys using the crypto key generate command on a Cisco device, you are creating the key that will be used to secure the communication. When you open putty and connect to the device or the first time you should see a message telling you that the key is not currently in your registry and would you like to accept and save the key. This key will be used for the encryption of your session.

I hope this helps answer your question?

By: Mitesh

Mitesh — Sat, 14 Apr 2012 12:08:37 +0000

Hi ,
Nice explanation ! but i just want to know how that encryption takes place as in routers generate rsa keys , so what does client ( eg. putty ) uses and henceforth how is data encrypted and using symmetric keys or rsa ? it would be great if you can guide me ….