THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
09-May-23 |
Initial Release |
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
NON-IOS |
IOSXE |
17 |
17.11.1, 17.11.1a |
Defect ID | Headline |
---|---|
CSCwc72599 | Device should not allow RSA keys less than 2048 bits in strength for SSH |
In releases earlier than Cisco IOS XE Release 17.11.1, RSA keys less than 2048 bits can be used for the SSH server on the device.
In Cisco IOS XE Release 17.11.1 and later, RSA keys less than 2048 bits are denied for use with SSH by default due to its weak cryptographic properties. Cisco recommends to use stronger RSA keys that are at least 2048 bits. In order to continue to use RSA keys less than 2048 bits for SSH, explicit configuration is required. Without such a configuration change, SSH service on the device is disabled and SSH sessions to the device will fail. This results in loss of remote access to the device through SSH.
In Cisco IOS XE Release Bengaluru 17.6.1 and later, configuration of RSA keys less than 2048 bits for SSH generates a warning about a RSA key size compliance violation, but it does not impact SSH operations to the device. This warning message is displayed when a weak RSA key pair is used for SSH.
%SSH-5-SSH_COMPLIANCE_VIOLATION_RSA_KEY_SIZE: SSH RSA Key Size compliance violation detected. Kindly note that the usage of keys smaller than 2048 bits will be deprecated in the upcoming releases. Please revise your key configuration accordingly to avoid service impact.
In Cisco IOS XE Release 17.11.1 and later, RSA keys less than 2048 bits are denied by default and require explicit configuration to be allowed.
If the RSA key pair is not updated to be at least 2048 bits for SSH, or if the configuration is not explicitly enabled to allow weak cryptographic algorithms prior to the Cisco IOS XE Release 17.11.1 upgrade, then the SSH server will be disabled upon an upgrade to Cisco IOS XE Release 17.11.1. This results in failure of the remote SSH sessions to the device.
The solution is to update the RSA key pair used with SSH to at least 2048 bits.
Prior to an upgrade to Cisco IOS XE Release 17.11.1 or later, enter this command in order to identify the RSA key modulus size.
Device#show ip ssh | include Modulus Modulus Size : 1024 bit
In order to update the RSA key pair, complete these steps:
Device#config terminal Enter configuration commands, one per line. End with CNTL/Z. csr1(config)#crypto key generate rsa modulus 2048 label strong-ssh-key The name for the keys will be: strong-ssh-key % The key modulus size is 2048 bits % Generating 2048 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 0 seconds)
Device(config)#ip ssh rsa keypair-name strong-ssh-key
If it is not possible to update the RSA key pair, then this configuration command is required for SSH to continue to use the weak RSA key pair upon an upgrade to Cisco IOS XE Release 17.11.1.
Device(config)#crypto engine compliance shield disable
Note: This command is only available in Cisco IOS XE Release 17.7.1 and later, and will only take effect after a reboot.
Cisco does NOT recommend this option as these weak cryptographic algorithms are insecure and do not provide adequate protection from modern threats and should only be used as a last resort.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.