13.12.2020

Asa 5505 Attempt To Generate Rsa Keys Failed

by Cyrus Lok on Thursday, April 8, 2010 at 11:13pm
I have a generated RSA key stored in my ASA's flash memory. I am going to generate an RSA key once more, so I will zeroize the existing key first. If an RSA key is already stored in flash, the ASA will ask whether I want to replace the existing key with the new one.

Zeroize the key:

ciscoasa(config)# crypto key zeroize rsa
WARNING: All RSA keys will be removed.
WARNING: All device digital certificates issued using these keys will also be removed

Do you really want to remove these keys? [yes/no]: y
ciscoasa(config)#

Generating an RSA key requires a domain name to be defined first; this is the same as in IOS.

ciscoasa(config)# domain-name cyruslab.com
ciscoasa(config)#

Generate a 1024-bit long RSA key:
ciscoasa(config)# crypto key generate rsa general-keys modulus 1024
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait…
ciscoasa(config)#

Actually, it is sufficient if I just type crypto key generate rsa <cr>; the interactive prompt will then ask me for the length of the key (modulus).

This is the 1024-bit long RSA key which I have just generated:

ciscoasa(config)# sh crypto key mypubkey rsa
Key pair was generated at: 06:20:15 UTC Apr 8 2010
Key name: <Default-RSA-Key>
Usage: General Purpose Key
Modulus Size (bits): 1024
Key Data:

30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c2890c
ad9065a0 f17eebbd 726029dc 0a9f40a9 ca714031 5de9d15b fe7b8fc7 e11e7ffd
8f27befc beaf0aae fa937c69 482a1595 f8865cc1 d8ced14a 737243c3 8f9886ab
75be998a 8a7437a1 bac57f34 d31774b7 a53cd803 a7837bc4 92f9f326 8fc818a5
54ca0476 3c864534 7b50d635 88905d28 cfeec63d e32324a9 98eba845 3b020301 0001

Allow ssh connection from my private network:
ciscoasa(config)# ssh 192.168.1.0 255.255.255.0 inside

Allow ssh connection from the internet (any connection):
ciscoasa(config)# ssh 0 0 outside

Set up the ssh idle time-out period (maximum is 1 hour):
ciscoasa(config)# ssh timeout 30

SSH has two versions: 1 and 2. SSH version 1 is less secure than version 2. By default, my ASA allows both versions:

ciscoasa(config)# sh ssh
Timeout: 30 minutes
Versions allowed: 1 and 2
192.168.1.0 255.255.255.0 inside
0.0.0.0 0.0.0.0 outside

To support only version 2, I have to explicitly tell my firewall with this command:
ciscoasa(config)# ssh version 2

ciscoasa(config)# sh ssh
Timeout: 30 minutes
Version allowed: 2
192.168.1.0 255.255.255.0 inside
0.0.0.0 0.0.0.0 outside

I think PuTTY supports SSH version 2, so I shall test it…

A security warning came up because this RSA signature key has not been verified by any CA; it was generated by the ASA. However, this can be trusted because I generated it 😉

Click the Yes button to store this key on my Windows XP machine.
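The host key in the PuTTY warning can be compared with the key the ASA itself reports before it is stored. The following is an added example, not part of the original post: it parses the Key Data printed by sh crypto key mypubkey rsa above and derives the SSH fingerprints to compare with the client's dialog, assuming the ASA presents <Default-RSA-Key> as its SSH host key; the function names are illustrative.

```python
import base64
import hashlib

# Key Data from the `sh crypto key mypubkey rsa` output earlier in this post.
KEY_DATA = """
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c2890c
ad9065a0 f17eebbd 726029dc 0a9f40a9 ca714031 5de9d15b fe7b8fc7 e11e7ffd
8f27befc beaf0aae fa937c69 482a1595 f8865cc1 d8ced14a 737243c3 8f9886ab
75be998a 8a7437a1 bac57f34 d31774b7 a53cd803 a7837bc4 92f9f326 8fc818a5
54ca0476 3c864534 7b50d635 88905d28 cfeec63d e32324a9 98eba845 3b020301 0001
"""

def read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def parse_asa_rsa_key(text):
    """Return (modulus, exponent) from the hex SubjectPublicKeyInfo the ASA prints."""
    der = bytes.fromhex("".join(text.split()))
    spki, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after key data")
    _alg, pos = read_tlv(spki, 0, 0x30)    # AlgorithmIdentifier (rsaEncryption)
    bits, _ = read_tlv(spki, pos, 0x03)    # BIT STRING wrapping RSAPublicKey
    rsa, _ = read_tlv(bits[1:], 0, 0x30)   # bits[0] is the unused-bits count
    n, pos = read_tlv(rsa, 0, 0x02)
    e, _ = read_tlv(rsa, pos, 0x02)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def ssh_fingerprints(n, e):
    """MD5 (colon hex) and SHA256 fingerprints of the ssh-rsa host key blob."""
    def field(raw):
        return len(raw).to_bytes(4, "big") + raw
    def mpint(x):                          # sized so the top bit stays clear (mpints are signed)
        return field(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(e) + mpint(n)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

n, e = parse_asa_rsa_key(KEY_DATA)
print(f"ssh-rsa {n.bit_length()}", *ssh_fingerprints(n, e))
```

Older PuTTY builds show the colon-separated MD5 form in the warning dialog and newer SSH clients show the SHA256 form; a mismatch with either means the client is not talking to the key shown on the console.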

I could not find a command to set up the username for remote login, but the default for pix/asa is pix…zzz

Great! PuTTY supports SSH version 2.

From my console, I can check the current ssh sessions to my ASA5505:

To show current ssh sessions.

To kill ssh session:

ssh disconnect <sid> for disconnecting ssh session.

kill <sid> for killing telnet session.

LOL! SSH session has been sniped!

Since this is brand new, I highly recommend you upgrade ASDM and the firmware before you start. That way you won't have to upgrade later after you've got everything working the way you want it.

I suspect your IP change is failing because you're attempting to cut off the branch you're sitting on. The easiest way to do this is to use the console cable and change it via the command line. Set the port the way you want it, then configure the management port so you can get in and change things via ASDM.