top_of_rack_var
Jan 16, 2023Tutor
M4300 - RSA key length too short?
I was provisioning a new M4300-52G today, from a new system with RHEL 9 installed on it. Part of my provisioning process is to disable telnet and enable ssh. This has worked fine for years, except ...
top_of_rack_var
Jan 17, 2023Tutor
I never found a way to generate longer RSA keys on the switch via the CLI, but it may be possible to generate keys on an external system and copy those in. I will try that some time when I have access to a switch that I can afford downtime on if it does not work.
There is a way to bypass this error from RHEL 9 systems, however. The tl;dr workaround is to do:
ssh -o RSAMinSize=1024 admin@switch
This is because Red Hat sets this variable, RSAMinSize, to 2048 in /etc/crypto-policies/back-ends/openssh.config. Since this is a configuration option, it can be specified on the command line, in the user's ssh_config, or in the global /etc/ssh/ssh_config.
msi
Jan 24, 2023Luminary
While you can't generate larger keys on the switch, I can confirm that you can generate one externally and then copy it onto the switch (using the 'copy' command). 2048-bit RSA I'm sure was accepted; I'm not certain if I had tried 3072 as well.
I could imagine that it could be done by Netgear to either bump the key size or to make it configurable.
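An added example, not part of the thread and not NETGEAR or Red Hat code: a small audit that reads host-key lines in ssh-keyscan/known_hosts format, decodes each ssh-rsa blob, and reports which switches fall below the 2048-bit RSAMinSize mentioned above, so they can be given an externally generated key instead of a lowered client policy. The host names and the `constructed_key` helper are assumptions used only to build sample input.

```python
import base64
import struct

RSA_MIN_SIZE = 2048  # minimum the thread reports in RHEL 9's openssh.config

def read_string(blob, offset):
    """Read one SSH wire-format field: uint32 big-endian length, then the bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def rsa_modulus_bits(b64_blob):
    """Return the modulus size in bits of a base64 ssh-rsa public key blob."""
    blob = base64.b64decode(b64_blob, validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _exponent, off = read_string(blob, off)
    modulus, _ = read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, minimum=RSA_MIN_SIZE):
    """Map host -> (bits, meets_minimum) for ssh-rsa lines in ssh-keyscan format."""
    report = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 3 or fields[1] != "ssh-rsa":
            continue  # comments, blank lines and other key types are skipped
        bits = rsa_modulus_bits(fields[2])
        report[fields[0]] = (bits, bits >= minimum)
    return report

def constructed_key(bits):
    """Build a well-formed blob around a dummy modulus (constructed, not a real key)."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading 0x00 if top bit set
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return base64.b64encode(blob).decode()

if __name__ == "__main__":
    sample = [f"switch-a ssh-rsa {constructed_key(1024)}",  # constructed hosts
              f"switch-b ssh-rsa {constructed_key(2048)}"]
    for host, (bits, ok) in audit(sample).items():
        print(host, bits, "ok" if ok else f"below {RSA_MIN_SIZE}")
```

In practice the input lines would come from `ssh-keyscan -t rsa` run against the management addresses of the switches.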