SLX(config)# ssh server key rsa ?
Possible completions: [2048]
  1024   1024 bits RSA key
  2048   2048 bits RSA key [default]
  4096   4096 bits RSA key
SLX(config)# ssh server key rsa 4096
When the above hostkey is not configured, the default RSA hostkey for SSH is 2048 bits.
The SLX allows the SSH server hostkey algorithms RSA, ECDSA P256 and DSA to be configured. It is recommended to use only ECDSA or RSA (minimum 2048 bits) as the hostkeys; DSA and RSA 1024 are both insecure with a 1024-bit length.
Because ECDSA is the strongest algorithm, the OpenSSH server in SLX sends it as the hostkey if it is present. On Linux, the SSH client displays the following message asking the user to accept the hostkey sent by the SLX.
The authenticity of host 10.24.12.129 (10.24.12.129) can't be established.
ECDSA key fingerprint is SHA256:LlgBLdBedpJ1AU6GWa4OYjtye6JM4CfR8i8k2SwGOfw.
Are you sure you want to continue connecting yes/no ?
If you remove the ECDSA hostkey configured with the ssh server key CLI, the OpenSSH server in SLX negotiates the RSA hostkey based on the bit length that you configured using the ssh server key rsa CLI, the default being 2048 bits.
Hence, you need to explicitly configure ssh server key rsa 4096 to use the RSA 4096-bit hostkey, and remove the ECDSA hostkey if it should not be considered, so that the server sends RSA 4096 as the hostkey.
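
To confirm which hostkeys a switch actually presents after a configuration change, the fingerprint listing produced by `ssh-keyscan <host> 2>/dev/null | ssh-keygen -lf -` can be checked against the recommendation above. The script below is an added example, not part of the original page or of the SLX software; the function names, the host address and the fingerprints in the sample are constructed.

```shell
#!/bin/sh
# Constructed sample in the format printed by `ssh-keygen -lf -`:
#   <bits> <fingerprint> <comment> (<TYPE>)
# The address and fingerprints are placeholders, not real keys.
SAMPLE_KEYS='1024 SHA256:CONSTRUCTED-FP-1 192.0.2.10 (DSA)
1024 SHA256:CONSTRUCTED-FP-2 192.0.2.10 (RSA)
2048 SHA256:CONSTRUCTED-FP-3 192.0.2.10 (RSA)
4096 SHA256:CONSTRUCTED-FP-4 192.0.2.10 (RSA)
256 SHA256:CONSTRUCTED-FP-5 192.0.2.10 (ECDSA)'

# audit_hostkeys (hypothetical helper): read fingerprint lines on stdin and
# print "<verdict> <type> <bits> <fingerprint>" for each key.
# Policy taken from the text: ECDSA or RSA >= 2048 bits is acceptable,
# DSA and RSA below 2048 bits are weak. Any other type is flagged for review.
audit_hostkeys() {
    awk '
    NF >= 3 {
        bits = $1 + 0
        type = $NF                 # last field is "(TYPE)", even if the comment has spaces
        gsub(/[()]/, "", type)
        verdict = "REVIEW"
        if (type == "DSA")
            verdict = "WEAK"
        else if (type == "RSA")
            verdict = (bits >= 2048) ? "OK" : "WEAK"
        else if (type == "ECDSA")
            verdict = "OK"
        printf "%s %s %d %s\n", verdict, type, bits, $2
    }'
}

# count_weak (hypothetical helper): number of weak hostkeys in the listing on stdin.
count_weak() {
    audit_hostkeys | awk '$1 == "WEAK" { n++ } END { print n + 0 }'
}

# Run the audit over the constructed sample. Against a live device, replace
# the printf with:  ssh-keyscan <host> 2>/dev/null | ssh-keygen -lf -
printf '%s\n' "$SAMPLE_KEYS" | audit_hostkeys
```

A non-zero result from `count_weak` means the device still offers a DSA or sub-2048-bit RSA hostkey to clients that request that algorithm, even when ECDSA is what a default client sees first.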