This document explains how to use the Key generator for PuTTY
(PuTTYgen) to generate Secure Shell (SSH) authorized keys and RSA
authentication for use on Cisco Secure Intrusion Detection System (IDS). The
primary issue when you establish SSH authorized keys is that only the older
RSA1 key format is acceptable. This means that you need to tell your key
generator to create an RSA1 key, and you must restrict the SSH client to use
the SSH1 protocol.
There are no specific requirements for this document.
The information in this document is based on these software and
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Refer to the
Technical Tips Conventions for more information on document
This section presents you with the information to configure the
features this document describes.
Complete these steps to configure PuTTYgen.
Click the SSH1 key type and set the number of bits
in the generated key to 2048 in the Parameters group at the
bottom of the dialog box.
Click Generate and follow the instructions.
The key information is displayed in the upper section of the dialog
Clear the Key Comment edit box.
Select all the text in Public key for pasting into authorized_keys
file and press Ctrl-C.
Type a passphrase in the Key passphrase and Confirm passphrase edit
Click Save private key.
Save the PuTTY private key file into a directory private to your
Windows login (in the Documents and Settings/(userid)/My Documents subtree in
Create a new PuTTY session as seen here:
IP Address: IP address of the IDS
Auto-login username: cisco (can also be the
login you use on the Sensor)
Preferred SSH version: 1 only
Private key file for authentication: Browse to
the .PPK file stored in step 8.
Session: (back to the top)
Saved sessions: (enter the sensor name, click
Click Open and use password authentication to
connect to the Sensor CLI, since the public key is not on the Sensor yet.
Enter the configure terminal CLI command
and press Enter.
Enter the ssh authorized-key mykey CLI
command, but do not press Enter at this time. Make sure to type a space at the
Right-click in the PuTTY terminal window.
The clipboard material copied in step 5 is typed into the CLI.
Enter the exit command and press
Confirm the authorized key is entered properly. Enter the
show ssh authorized-keys mykey command and press
Enter the exit command to quit the IDS
CLI and press Enter.
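Before the clipboard text goes into the ssh authorized-key command, it can be checked that it really is a single-line RSA1 public key with the comment cleared. The script below is an added example, not part of the original Cisco document; it assumes the SSH1 public key text layout of decimal bits, exponent and modulus, and its sample key is a constructed placeholder, not a real key.

```python
import re

EXPECTED_BITS = 2048  # key size the procedure above asks for

def check_rsa1_public_key(text, expected_bits=EXPECTED_BITS):
    """Return a list of problems in an SSH1 (RSA1) public key line.

    Assumed layout: "<bits> <exponent> <modulus> [comment]", all decimal.
    An empty list means the text is fit to paste.
    """
    text = text.strip()
    if "\n" in text or "\r" in text:
        return ["key spans several lines; copy it as one line"]
    fields = text.split()
    # SSH2 public keys start with an algorithm name, not a number.
    if fields and re.match(r"(ssh-|ecdsa-)", fields[0]):
        return [f"'{fields[0]}' is an SSH2 key; generate an SSH1 (RSA1) key"]
    if len(fields) < 3 or not all(re.fullmatch(r"[0-9]+", f) for f in fields[:3]):
        return ["expected three decimal fields: bits, exponent, modulus"]
    bits, exponent, modulus = (int(f) for f in fields[:3])
    problems = []
    if len(fields) > 3:
        problems.append("key comment present; clear the Key Comment edit box")
    if modulus.bit_length() != bits:
        problems.append(f"modulus has {modulus.bit_length()} bits but the line "
                        f"declares {bits}; text is truncated or corrupted")
    if bits != expected_bits:
        problems.append(f"key is {bits} bits, expected {expected_bits}")
    if exponent < 3 or exponent % 2 == 0:
        problems.append("public exponent must be odd and at least 3")
    if modulus % 2 == 0:
        problems.append("modulus is even, so it cannot be an RSA modulus")
    return problems

# Constructed placeholder with the right shape (2048-bit odd number).
SAMPLE_MODULUS = (1 << 2047) + 12345
SAMPLE_KEY = f"2048 37 {SAMPLE_MODULUS}"

if __name__ == "__main__":
    for label, key in [("good", SAMPLE_KEY),
                       ("with comment", SAMPLE_KEY + " rsa-key-constructed"),
                       ("truncated", SAMPLE_KEY[:-5]),
                       ("ssh2", "ssh-rsa AAAAB3NzaC1yc2E= constructed")]:
        print(label, "->", check_rsa1_public_key(key) or "OK")
```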
Complete these steps.
Locate the Saved Session created in step
10 and double-click on it. A PuTTY terminal window opens and this text
Sent username "cisco"
Trying public key authentication.
Passphrase for key "":
Type the private key passphrase you created in
step 6 and press Enter.
You are automatically logged in.
There is currently no specific troubleshooting information available
for this configuration.