I think, I got the answer http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a0080088197.html
IPS Sensor supports only ssh version 1. The SSH version 1 has the exponent/modulus form. With putty, when you try to generate a key with ssh 1 selected, you will see the exponent/modulus form. But there is one thing, for which I don't have the answer. If the router is enabled with SSH 1.5 and then I try to retrieve key with the "ssh host-key" command, the public key is retrieved in exponent/modulus form. My question is, whether the sensor retrieved ssh 2 key and converted it from ssh 2 ASN standard form to exponent/modulus form or did the sesnor, retrieve a ssh 1 key from the router? Please let me know, if I understanding is wrong. Sample key forms - Putty generated - SSH 1 (RSA) Length is 1024 bits and modulus is 37 1024 371158752216491277321143480861548661325873614263583576212066973466808497469254739660437295 19506303480757940517966837316689423718091873046190440464148525456076201624869460019390136017038 629566585251171321652233698473919255794937271507497859475290155713291539954226873359290672693498 530564975571658800697844069461 Sample key forms - Putty generated - SSH 2 (RSA) AAAAB3NzaC1yc2EAAAABJQAAAIEAgZNH+Xq6/HNcopKkNDXUbD4TSJz7hS/I++mYcj+guwigw9fPL+n5aDHCJJv3X RJYeVd4ZCcT0t8SND4bDtLUSrz1vvgw9Ep4YbI7niL0SeWAQKiZsVZZm+0t7xfybFYBdmkUaLq8pd0vU+0Pcxf/wXjsDN vh6i/RHHiQmvkvK With regards Kings On Wed, Jul 29, 2009 at 11:13 AM, Kingsley Charles < [email protected]> wrote: > Hello everyone > > On the IPS sensor, if you need to add a router to the ssh known host list, > we need to add the router's RSA public key in the sensor. > > We have two options: > > Automatically, we can make the Sensor to retrieve the key from the router > using "ssh host-key" command. > > Manually add the key going to "service ssh-known-host". > > For the second option, the sensor expects the key in "exponent/modulus" > format. > > But the problem is, if you issue "show crypto key mypubkey rsa" on the > router, the key is displayed in the standard ASN Hex format. > > > > *Please let me know a tool that can convert the "standard RSA Hex format" > key into "Exponent/modulus decimal form", so that I can add it to the > Sensor.* > > I tried to putty and there is no option in that. > > > > > > With regards > Kings >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
