ssh server key

Generates or zeroizes SSH crypto keys on the device. All three keys can be active simultaneously.

Syntax

ssh server key { dsa | rsa [ 1024 | 2048 | 4096 ] | ecdsa 256 }
no ssh server key { dsa | rsa | ecdsa }

Command Default

The default values of SSH keys are:

Parameters

dsa
Generates the DSA key.
rsa [ 1024 | 2048 | 4096 ]
Generates the RSA key, in either the 1024, 2048, or 4096 bit size.
ecdsa 256
Generates the ECDSA key at 256 bits.

Modes

Global configuration mode

Usage Guidelines

The no ssh server key command zeroizes the SSH keys on the device. Running the no form of the command requires you to save the configuration and reload the device. See the last example for more information.

If you generate and delete SSH crypto keys, you must restart the SSH server using the no ssh server shutdown command to enable the configuration.

Examples

Typical DSA command example:

device(config)# ssh server key dsa

Typical RSA command example:

device(config)# ssh server key rsa 4096

Typical ECDSA command example:

device(config)# ssh server key ecdsa 256

Typical zeroizing example. Note that running the no form of the command requires you to save the configuration and reload the device.

device(config)# no ssh server key dsa
                    % Info: Configuration is successful. For this config to take effect immediately, restart SSH
                    server via exec command ssh-server restart or save the config and reload.