
Ensure ‘RSA key pair’ is greater than or equal to 2048 bits

Details

Generate an RSA key pair of at least 2048 bits for use by the SSH protocol.

Rationale:

Secure Shell (SSH) is a secure remote-login protocol. The ASA allows SSH connections to the ASA for management purposes and supports the SSH DES and 3DES ciphers. SSH uses a key-exchange method based on Rivest-Shamir-Adleman (RSA) public-key cryptography. Since RSA 1024-bit keys are likely to become crackable, it is recommended to use RSA keys of at least 2048 bits.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Step 1: Acquire the enterprise standard RSA key size, which must be greater than or equal to 2048 bits.

Step 2: If the audit procedure revealed existing non-compliant key pairs, run the following to remove them:

hostname(config)#crypto key zeroize rsa

Step 3: Run the following to generate a compliant RSA key pair, replacing <key-size> with the enterprise standard key size from Step 1 (at least 2048):

hostname(config)# crypto key generate rsa modulus <key-size>

Step 4: Run the following to save the RSA keys to persistent Flash memory:

hostname(config)#write memory
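As an added example (not part of the benchmark or of Cisco's tooling), the following Python script audits a captured `show crypto key mypubkey rsa` listing for key pairs below the 2048-bit threshold and, only when one is found, emits the three remediation commands from Steps 2 to 4. The sample output, its line layout (Key name / Modulus Size lines) and the function names are assumptions constructed for this example.

```python
import re
from typing import Dict, List

MIN_MODULUS_BITS = 2048  # threshold set by this benchmark control

# Constructed sample of ASA `show crypto key mypubkey rsa` output.
# The exact line layout is assumed for this example; adjust the
# regexes below if your platform prints the listing differently.
SAMPLE_OUTPUT = """\
Key pair was generated at: 09:14:02 UTC Mar 3 2021
Key name: <Default-RSA-Key>
 Usage: General Purpose Key
 Modulus Size (bits): 1024
 Key Data:
  30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181
Key pair was generated at: 11:40:55 UTC Jun 8 2022
Key name: mgmt-ssh
 Usage: General Purpose Key
 Modulus Size (bits): 2048
 Key Data:
  30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a
"""

def parse_rsa_keys(show_output: str) -> Dict[str, int]:
    """Map each RSA key name in the listing to its modulus size in bits."""
    keys: Dict[str, int] = {}
    current = None
    for line in show_output.splitlines():
        name = re.match(r"\s*Key name:\s*(\S+)", line)
        if name:
            current = name.group(1)
            continue
        size = re.match(r"\s*Modulus Size \(bits\):\s*(\d+)", line)
        if size and current:
            keys[current] = int(size.group(1))
            current = None
    return keys

def noncompliant_keys(show_output: str, minimum: int = MIN_MODULUS_BITS) -> List[str]:
    """Return the names of key pairs whose modulus is below the required size."""
    return [name for name, bits in parse_rsa_keys(show_output).items() if bits < minimum]

def remediation_commands(show_output: str, enterprise_size: int = MIN_MODULUS_BITS) -> List[str]:
    """Build the benchmark's Step 2-4 command sequence; empty when already compliant."""
    if enterprise_size < MIN_MODULUS_BITS:
        raise ValueError("enterprise standard key size must be at least 2048 bits")
    if not noncompliant_keys(show_output):
        return []
    return ["crypto key zeroize rsa",          # Step 2: remove non-compliant pairs
            f"crypto key generate rsa modulus {enterprise_size}",  # Step 3
            "write memory"]                    # Step 4: persist to Flash
```

Note that `crypto key zeroize rsa` as given in Step 2 removes the existing key pairs, so SSH sessions relying on them must be re-established after the new pair is generated.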

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Cisco.

Updated on July 16, 2022