Summary
You may have run into this problem that you paste your SSH key and get the reply that your key is too long. The whole idea about long keys is that increase security. As it turns out you can still enter this using the pkf format. This post explains how.
Converting your existing key to the pkf format
The first step is to convert the public key to the pkf format.
$ ssh-keygen -e -f id_rsa.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "4096-bit RSA, converted by fred@nowhere.com from OpenSSH"
AAAAB3NzaC1yc2EAAAABIwAAAgEAsWxXE5zJirDc0QLw11ChW4t21jOk517U/eJ4GSPlTz
yHyUrVkNATCV4muH45woAWlhRwnBHp2tKTDFKPvUoH2cAEDR2wNOYcpdIMiP7a8w1P0244
XMmtpaGLN3tN3npeu9HiMSrrDPNRqcRAcO5zGW9HaHmzKxarrofP3SkZtdSNnECFYmH16d
aXdeQFwvn90AM9hAYZUgAsWBvFfAGKI+fr4bJIH2I+SPS4QciAQNeYHUVGz19gT7kssy/n
Zk2YSe3R24NRAqxxjgA8t/bCc9mO49+5DzejSCVSmzPLUKBqaVuTpUm+eohyMXe7t5BfY3
osLjwl39p5o5kUpCiOQI6YvU8lcE0gFDDFJOw6uJ7N+xdQ+ZpgcqUzGE821qtIv9ZiHkoa
wObT8Hh6VLRy0Wlq1wmpOI01Fw6n7owQfVM1fK1F2gQyWcenI7y6zfyjJqOwmbN2QhDAcr
qUWKWTJz3elJAkD71ke965IYENWfHOILvnmvmGUuhr3lptL776gwfcib9lBHDWLM7GBSu0
9j4WmDOWbWOkP2ptIkf5pkTBBbHJbNJmyJxBoTP/GkftddPw2e+rKU6JGyBmh0b2UFlgfl
rffG8AjuVzKr37P5o8mldKLsABuIXLjup79ob36h1Bv0WfJwY5DGoLjL4HBII0VkxJGHpX
mbzqfznnJJk=---- END SSH2 PUBLIC KEY ----
Uploading it to your Cisco ASA
Log in into your Cisco ASA and create the user. In this example the user bob
is added.
ciscoasa# conf t
ciscoasa(config)#username bob nopassword privilege 15
Next setup the pkf format:
ciscoasa(config)# username bob attributes
ciscoasa(config-username)#ssh authentication pkf
Now that the key has been imported you will not find it back when you
look at your configuration. In fact it will store the hashed version in your config:
sh run username bob
username bob nopassword privilege 15
username bob attributes
service-type admin
ssh authentication publickey 92:c0:37:91:56:ab:53:00:3b:04:7d:c0:\
68:41:99:a8:af:99:d7:94:ec:03:1d:d0:cb:32:ee:4e:83:db:fe:64 hashed
Test your configuration
If it all works out you should be able to login into your asa using:
ssh bob@myasa.somwhere.com