Forum Discussion

7 Replies

Sort By
  • Dario_Garrido's avatar
    Dario_Garrido
    Icon for MVP rankMVP
    Jul 26, 2019

    Hello PiotrL.

    Version 14.x has already got a 2048-bit key.

    # tmsh show sys software | grep yes
HD1.2    BIG-IP   14.0.0  0.0.2187     yes  complete
 
# openssl rsa -noout -text -in /var/ssh/ssh_host_rsa_key | grep -i key
Private-Key: (2048 bit)

    KR,

    Dario.

  • PiotrL's avatar
    PiotrL
    Icon for Cirrus rankCirrus
    Jul 26, 2019

    Hi Dario,

    we have 14.1.0.2 version, but still: Private-Key: (1024 bit)

    maybe F5 guys had second thought and changed it again to 1k ...

    • Dario_Garrido's avatar
      Dario_Garrido
      Icon for MVP rankMVP
      Jul 26, 2019

      So, that's maybe the reason they don't include 14.x in K26031800.

       

      Actually, I don't see any inconvenient on perform this procedure to change private-key length.

       

      KR,

      Dario.

  • PiotrL's avatar
    PiotrL
    Icon for Cirrus rankCirrus
    Jul 27, 2019

    It was enough to regenerate the SSH keys, so one command:

    "/usr/bin/keyswap.sh -genkeys" did the trick.

    • AJF5's avatar
      AJF5
      Icon for Altocumulus rankAltocumulus
      Sep 30, 2019

      Just this command will help change SSH keys from 1024 to 2048 bit.

      "/usr/bin/keyswap.sh -genkeys" 

      Or this is addition to K26031800.

       

      • PiotrL's avatar
        PiotrL
        Icon for Cirrus rankCirrus
        Oct 03, 2019

        In my case (v14.x) it was enough to issue this one command, altough v14.x should have 2k by default, as Dario commented ...