Information
Use this command to generate RSA key pairs for your Cisco device.
RSA keys are generated in pairs--one public RSA key and one private RSA key.
Rationale:
An RSA key pair is a prerequisite for setting up SSH and should be at least 2048 bits.
NOTE: IOS does NOT display the modulus bit value in the Audit Procedure.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Generate an RSA key pair for the router.
hostname(config)#crypto key generate rsa general-keys modulus 2048
Impact:
Organizations should plan and implement enterprise network cryptography and generate an appropriate RSA key pairs, such as 'modulus', greater than or equal to 2048.
Default Value:
RSA key pairs do not exist.
References:
http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-c4.html#GUID-2AECF701-D54A-404E-9614-D3AAB049BC13