{"id":23,"date":"2016-10-01T08:57:00","date_gmt":"2016-10-01T08:57:00","guid":{"rendered":"https:\/\/fred.appelman.net\/?p=23"},"modified":"2017-04-29T10:47:51","modified_gmt":"2017-04-29T10:47:51","slug":"setup-ssh-key-on-a-cisco-asa-using-a-long-ssh-key","status":"publish","type":"post","link":"https:\/\/fred.appelman.net\/?p=23","title":{"rendered":"Setup SSH key on a Cisco ASA using a long SSH key"},"content":{"rendered":"<div class=\"entry\">\n<h2>Summary<\/h2>\n<p>You may have run into the problem where you paste your SSH key and get the reply that your key is too long. The whole idea of long keys is that they increase security. As it turns out, you can still enter a long key using the <strong>pkf<\/strong> format. This post explains how.<\/p>\n<h2>Converting your existing key to the pkf format<\/h2>\n<p>The first step is to convert the public key to the <strong>pkf<\/strong> format.<\/p>\n<pre><code>$ ssh-keygen -e -f id_rsa.pub\n---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"4096-bit RSA, converted by fred@nowhere.com from OpenSSH\"\nAAAAB3NzaC1yc2EAAAABIwAAAgEAsWxXE5zJirDc0QLw11ChW4t21jOk517U\/eJ4GSPlTz\nyHyUrVkNATCV4muH45woAWlhRwnBHp2tKTDFKPvUoH2cAEDR2wNOYcpdIMiP7a8w1P0244\nXMmtpaGLN3tN3npeu9HiMSrrDPNRqcRAcO5zGW9HaHmzKxarrofP3SkZtdSNnECFYmH16d\naXdeQFwvn90AM9hAYZUgAsWBvFfAGKI+fr4bJIH2I+SPS4QciAQNeYHUVGz19gT7kssy\/n\nZk2YSe3R24NRAqxxjgA8t\/bCc9mO49+5DzejSCVSmzPLUKBqaVuTpUm+eohyMXe7t5BfY3\nosLjwl39p5o5kUpCiOQI6YvU8lcE0gFDDFJOw6uJ7N+xdQ+ZpgcqUzGE821qtIv9ZiHkoa\nwObT8Hh6VLRy0Wlq1wmpOI01Fw6n7owQfVM1fK1F2gQyWcenI7y6zfyjJqOwmbN2QhDAcr\nqUWKWTJz3elJAkD71ke965IYENWfHOILvnmvmGUuhr3lptL776gwfcib9lBHDWLM7GBSu0\n9j4WmDOWbWOkP2ptIkf5pkTBBbHJbNJmyJxBoTP\/GkftddPw2e+rKU6JGyBmh0b2UFlgfl\nrffG8AjuVzKr37P5o8mldKLsABuIXLjup79ob36h1Bv0WfJwY5DGoLjL4HBII0VkxJGHpX\nmbzqfznnJJk=\n---- END SSH2 PUBLIC KEY ----\n<\/code><\/pre>\n<h3>Uploading it to your Cisco ASA<\/h3>\n<p>Log in to your Cisco ASA and create the user.
In this example, the user <code>bob<\/code> is added.<\/p>\n<p><code>ciscoasa# conf t<br \/>\nciscoasa(config)# username bob nopassword privilege 15<br \/>\n<\/code><\/p>\n<p>&nbsp;<\/p>\n<p>Next, set up the <strong>pkf<\/strong> format:<\/p>\n<p><code>ciscoasa(config)# username bob attributes<br \/>\nciscoasa(config-username)# ssh authentication pkf<br \/>\n<\/code><\/p>\n<p>&nbsp;<\/p>\n<p>Now that the key has been imported, you will not find it when you look at your configuration. In fact, the ASA stores the hashed version in your config:<\/p>\n<p><code> sh run username bob<br \/>\nusername bob nopassword privilege 15<br \/>\nusername bob attributes<br \/>\n service-type admin<br \/>\n ssh authentication publickey 92:c0:37:91:56:ab:53:00:3b:04:7d:c0:\\<br \/>\n    68:41:99:a8:af:99:d7:94:ec:03:1d:d0:cb:32:ee:4e:83:db:fe:64 hashed<br \/>\n<\/code><\/p>\n<p>&nbsp;<\/p>\n<h3>Test your configuration<\/h3>\n<p>If it all works out, you should be able to log in to your ASA using:<\/p>\n<p><code>ssh bob@myasa.somwhere.com<br \/>\n<\/code><\/p>\n<p>&nbsp;<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Summary You may have run into the problem where you paste your SSH key and get the reply that your key is too long. The whole idea of long keys is that they increase security. As it turns out, you can still enter a long key using the pkf format. This post explains how.
Converting your existing key &#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[7,3,8],"class_list":{"0":"post-23","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-uncategorized","7":"tag-cisco","8":"tag-productivity","9":"tag-ssh","10":"anons"},"_links":{"self":[{"href":"https:\/\/fred.appelman.net\/index.php?rest_route=\/wp\/v2\/posts\/23","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fred.appelman.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fred.appelman.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fred.appelman.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fred.appelman.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=23"}],"version-history":[{"count":25,"href":"https:\/\/fred.appelman.net\/index.php?rest_route=\/wp\/v2\/posts\/23\/revisions"}],"predecessor-version":[{"id":53,"href":"https:\/\/fred.appelman.net\/index.php?rest_route=\/wp\/v2\/posts\/23\/revisions\/53"}],"wp:attachment":[{"href":"https:\/\/fred.appelman.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=23"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fred.appelman.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=23"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fred.appelman.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=23"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}