Generating crypto keys for SSH support

Hi,
I'm having no problems getting SSH to work using the CLI crypto key command but I've noticed one thing. The crypto key command does not show up in the config...is it hidden somehow? The reason I ask is when I take an AP(1121 in this case) right out of the box and copy an existing config into it (where this config had the RSA keys already config'd)....it works with SSH? How do the keys get generated on this new AP when there is no crypto key command in the config I just loaded into it?
.....thanks.........J

you need to use a K9 image that supports crypto features
For ssh dont copy and paste the config.
Create a domain name and generate a key.

Similar Messages

  • Solution Manager can't generate  installation key  for Netweaver 2004s

    I am trying to generate installation key for a new installation of
    Netweaver 2004s or 7.0 and the Solution Manager only display SAP ECC
    5.0 or 6.0 in the field production version, when i am trying do create
    a new system landscape. My Solution Manager is 4.0 release and support
    package 10. The keys generated by ECC 5.0 or 6.0 doesn't work.

    That is because SAP has not released an ECC 7.0
    NW2004s is also refered to as 7.0.  It appears that you are confusing this with ECC 5.0 and ECC 6.0
    A NW2004s installation can contain an ECC5.0 or ECC 6.0, just like it can contain a CRM 5.0 or SRM, or EP, et cetera
    The generated keys probably do not work because you have wrong hostname or instance number entered.

  • Exact Steps to Generate Installation keys for other systems In SolMgr4.0

    Hi friends,
    Please provide me exact Steps to Generate Installation keys for other systems In SolMgr 4.0 SR1.
    I have steps to make this thing in solmgr 3.2 as please change as it in solmgr4.0 sr1
    txn SMSY
    Expand Landscape components -> Systems
    Right click on Systems  ->New System
    Type SAPID, & Installation No. (S44 , 0040099252) & sAVE
    Expand Newly Added system
    Right Click & Create
    Now we can use the key provided by the system.
    Please make required changes as applicable in solmgr4.0 So that I can proceed.
    Also clear vat is the difference between ECC & ERP as solmgr4.0 mention both as two systems.
    Thanks & regards
    Jaswant
    +91 9949676055
    Cheers 'N' Joyce

    Hi Jaswant,
    to generate a Solution Manager Key you can process a little bit easier.
    Call transaction SMSY, press shift+F5 (you get the "other objects" popup).
    As System enter the SID of your Solution Manager.
    ->select gen.Installation/Upgrade Key (shiftctrlF10))
    then you get a new popup. In this popup you DELETE all values, enter SID of the new system, the message server of the new system and the system number of the new system. Then press generate key.
    With this procedure you do not have to add the system to SMSY to generate the key.
    Later you should add it to SMSY, maybe you have added an SLD to SMSY then the system will be added automatically. If not you have to add it manually.
    Second question ERP <> ECC
    Good question, ECC is part (a main instance) of ERP, so it is up to you if you classify your system as an ERP or ECC.
    Regards,
    Udo Lang

  • Using Solution Manager 7.0 to Generate Solution Key for SAP Netweaver 7.3 ?

    Hi, SDN Gurus.
    We are running Solution Manager 7.0.
    I am trying to generate solution key for SAP Netweaver 7.3 system. When I was creating a new system (in TCode SMSY);  I only see Newtweaver 7.1 is the latest version available in the SAP Netweaver  product version drop down list.
    Is that true that I always need to upgrade the latest/compatible version (SP & patches) of SAP Solution Manager to generate solution key for the latest released of SAP products?
    If this is the case, what version of SAP Solution Manager I need to create new system and generate solution key for SAP Netweaver 7.3? 
    Thanks for advices,
    KC

    Hi,
    Please follow the note [Note 1274430 - Installation of Solution Manager 7.0 Stack 18 and higher|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1274430]
    and the discussions here [Direct Upgrade from Solution Manager SP16 to SP26|Direct Upgrade from Solution Manager SP16 to SP26]
    Thanks,
    Jansi

  • ASA 8.4+ RSA Public Key for SSH user authentication

      I have seen in the configuration guide and a separate post in the support community that RSA Public Key authentication is support for SSH sessions in 8.4 and after.  I have tried implementing this on both an 8.4 ASA and a 9.1 ASA and I get the same error on both.  I have tried specifying SSH version 2 to see if that is the issue but I still get the error.  Is there a step I am missing?
    Here is the output of the configuration commands:
    ciscoasa(config)#username test nopassword privilege 15
    ciscoasa(config)#username test attributes
    ciscoasa(config-username)# ssh authentication publickey
                                 ^
    ERROR: % Invalid Hostname
    The links referenced above:
    https://supportforums.cisco.com/thread/2150480
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_aaa.html#wp1053558
    http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/aaa_servers.html#wp1176050
    Thanks!

    That would be great if the resolution was that simple.  I am using a public key I generated using the putty key generator.  Below is the key I would use if I got that far.  However I get an error on the "ssh authentication publickey" attribute so I never get the chance to enter a public key.  What code version and hardware version are you running that this worked on?
    AAAAB3NzaC1yc2EAAAABJQAAAIEA2h00RCKBbpbrTWSe/3TYAvRpkJz7tLwQDCf9
    4fDJUWUGrmxXHeomuBhNGZh7tyfFjRL2CKY6nWmFyKN/eDm0PF4IWhhCArzOPVDu
    q7Nu2y/pD8wWH8dH4a3zRpkLSekNJtH6lzuqmY0zqz9TnZlpS6g4LI1a+lOGSmhU
    /HySw9s=
    ciscoasa(config)#username test nopassword privilege 15
    ciscoasa(config)#username test attributes
    ciscoasa(config-username)#ssh ?
    configure mode commands/options:
      Hostname or A.B.C.D  The IP address of the host and/or network authorized to
                           login to the system
      X:X:X:X::X/<0-128>   IPv6 address/prefix authorized to login to the system
      scopy                Secure Copy mode
      timeout              Configure ssh idle timeout
      version              Specify protocol version to be supported
    exec mode commands/options:
      disconnect  Specify SSH session id to be disconnected after this keyword
    ciscoasa(config-username)# ssh
    ciscoasa(config-username)# sh ver | in Ver
    Cisco Adaptive Security Appliance Software Version 9.1(1)
    Device Manager Version 7.1(1)52
    ciscoasa(config-username)#

  • How to Generate a key (for SecretKeySpec) out of a string literal.

    Hi,
    I have a string literal representation of a HEX value key which I use to send encrypted data from C++ to Java (on Sockets).
    I haven't managed to convert the string representation to a value that I can use with SecretKeySpec() constructor to create a working AES 128b key.
    The last attempt was this:
    String strKey = new String("E5E6E7E9EA392A2B2D256489012145E5");
    byte[] byteKey = new BigInteger(strKey,16).toByteArray();
    SecretKey skey = new SecretKeySpec(byteKey, "AES");It didn't work because the byte array was of size 17 byte. (java.security.InvalidKeyException: Invalid AES key length: 17 bytes)
    Is there an obvious straight forward way to this which I'm missing? (How would you transfer a key in HEX representation?)
    Thank you.

    Because of the way negative BigIntegers are represented, when the high-order bit of the high-order byte of a positive BigInteger is 1, the toByteArray() emits an "extra" high order byte of zero hence your length of 17. Another problem is that, if your Hex string happens to begin "00X..." where X is less than 8, then toByteArray() will not emit the superflous leading zero byte and the size will be 15 or less.
    java.math.BigInteger b = new java.math.BigInteger("ECBA1127878", 16);
    byte [] keyBytes = new byte[16];
    byte [] bigBytes = b.toByteArray();
    System.arraycopy(bigBytes, 0, keyBytes, 0, Math.min(keyBytes.length, bigBytes.length));as an example is only a 4 lines of code.

  • Central location for ssh authorized public keys?

    Hi guys,
    I have been studying how to use ssh, but this has been bothering me and I will really appreciate any help.
    When you generate public keys for users, they go to the ~/.ssh/authorized_keys . If you as root, want to take control of all users public keys, say you want to have a central location for all public keys. You want sshd to read all keys from a different location rather than ~/.ssh/authorized_keys.
    How will you go about doing this?
    Thanks for your help this.
    Arrey

    You're welcome and enjoy your 'practice' ;-)
    however, I forgot to mention that if you modify the /etc/ssh/sshd_config file, you should restart the sshd daemon.
    $0.01: Restart the SSH daemon FROM ANOTHER SHELL to keep an active/running shell on the system, to recover, just in case.
    $0.02: I suggest a two-steps approach to be sure that the sshd daemon is correctly restarted and the new ssh session is not picking up a thread that hasn't properly re-read the configuration
    # svcadm disable ssh; sleep 5; svcadm enable ssh
    HTH,
    Marco

  • How can I generate SSL Keys from a Oracle 9iAS server version 1.0.2.2.0

    How can I generate SSL Keys for use on Oracle 9iAS server
    version 1.0.2.2.0. I have tried using the open_ssl method but
    was unsuccessful.

    <?xml version="1.0" encoding="UTF-8" ?>
    <nodes>
    <node>
    <category_id>3</category_id>
    <parent_id>2</parent_id>
    <name>Mobile</name>
    <is_active>1</is_active>
    <position>1</position>
    <level>2</level>
    <children>
    <node name="Nokia" category_id="6" parent_id="3" is_active="1" position="1" level="3">
    <node name="Nokia N79" category_id="7" parent_id="3" is_active="1" position="2" level="3" />
    <node name="Nokia N95" category_id="7" parent_id="3" is_active="1" position="2" level="3" />
    <node name="Nokia N97" category_id="7" parent_id="3" is_active="1" position="2" level="3" />
    </node>
    <node name="Samsung" category_id="7" parent_id="3" is_active="1" position="2" level="3">
    </node>
    </children>
    </node>
    <node>
    <category_id>4</category_id>
    <parent_id>2</parent_id>
    <name>Laptop</name>
    <is_active>1</is_active>
    <position>2</position>
    <level>2</level>
    <children></children>
    </node>
    <node>
    <category_id>5</category_id>
    <parent_id>2</parent_id>
    <name>Monitor</name>
    <is_active>1</is_active>
    <position>3</position>
    <level>2</level>
    <children></children>
    </node>
    <node>
    <category_id>8</category_id>
    <parent_id>2</parent_id>
    <name>Camera</name>
    <is_active>1</is_active>
    <position>4</position>
    <level>2</level>
    <children></children>
    </node>
    </nodes>
    Is this correct format to create dynamic menu?

  • Installing CRM question and SOLMAN Generate Required Key

    Hi everyone,
    I have been trying to install the sap crm 5.0 , but there is a section where the installer asks for some Solutions Manager Key that i need to generate on the SAP SOLMAN. The thing is that i dont have any sap solman running.
    I have been reading several posts where basically its says that is a req. that sap established for the crm systems.
    Anyways, i have 2 questions.
    1. Installing the SAP SOLMAN is just the same process as installing r/3 or crm, that i need to update the OS, install the dbms (upgrade it and patch it), get the kernel, export, installation master cd's and well follow the inst guide?
    Or there is something else i need to have, like an r/3 system  running ?
    2. It's possible if i give to you guys the SAP SID, Instance Number, Hostname,  of the crm environment i want to install, that somebody with solman generates the key for me?
    Thanx in advance.

    > 1. Installing the SAP SOLMAN is just the same process
    > as installing r/3 or crm, that i need to update the
    > OS, install the dbms (upgrade it and patch it), get
    > the kernel, export, installation master cd's and well
    > follow the inst guide?
    > Or there is something else i need to have, like an
    > r/3 system  running ?
    SolMan is a complete separate system with separate database, combined ABAP + Java instance, so to say an "R/3 system running" (to speak with your words).
    >
    > 2. It's possible if i give to you guys the SAP SID,
    > Instance Number, Hostname,  of the crm environment i
    > want to install, that somebody with solman generates
    > the key for me?
    that is possible - but you won't be able to get patches and updates after April 2nd of this year, SolMan and Maintenance Optimizer is mandatory till then.
    Markus

  • MD5 key for huge file

    Hi,
    I want generated md5 key for a set of file which contains a lot of data.
    Big file implies long computation time... so, how can I improving this ?
    For now, I have a really simple algorithms :
    public byte[] createMD5(File file) throws NoSuchAlgorithmException, IOException {
              InputStream fis =  new FileInputStream(file);
              byte[] buffer = new byte[1024];
              MessageDigest complete = MessageDigest.getInstance("SHA");
              int numRead;
              do {
                numRead = fis.read(buffer);
                if (numRead > 0) {
                  complete.update(buffer, 0, numRead);
              } while (numRead != -1);
              fis.close();
              return complete.digest();
         }I have no found benchmark about algorithm SHA, MD5 ...
    Thanks you,
    Edited by: phpvik on May 20, 2009 1:19 PM

    phpvik wrote:
    sabre150 wrote:
    phpvik wrote:
    sabre150 wrote:
    What speed are you looking for?I expect 4Go (10.000 files) in 10 min I can do 5,600 files totalling 4,3 GBytes in 48 seconds.Ok, that's good .. Do you have any piece of code ?Yep. Plenty.
    >
    >>
    (I'm working with cluster).I'm not sure I understand the relevance. If you mean that you have N machines working on the problem then you should be able to do it in 1/N th the time.I've just want to say that I can distributed MD5 encrypt thread over computing farm.
    My algorithms have to be safe because my java application will be loaded in 64bits JVM (Linux, Windows, Mac..).I definitely do not understand this since one jar will work on 32 or 64 bit Linux, Windows, Mac and uncle tom cobbley and
    and allMy bytes code have to be compliant. I'm not sure that MD5 algorithm don't take care of OS architecture. But I'm okay with you : compile one time, use everywhere...I don't understand. Compliant with what? What in the MD5 specification makes it OS architecture dependent?
    >
    >
    >>>
    Did MD5 encryption work fine ?Of course. What makes you think the Java MD5 is wrong or in any way inferior to other MD5 ?No, but I remembers someone who say that MD5's implementation can be wrong.. But I trust in Java !Then ask the 'someone' for information about the faulty implementation.

  • 1809: An error has occured while generating a seccion key for encryption

    Hi
    I am trying to perform a remote control operation using Console One
    1.3.6c, but evry thime getting the following error message
    "1809: An error has occured while generating a seccion key for
    encryption." I had looked for it in Novell site & found that the fix is
    to upgrade to ZDF 6.5 SP1, but I am looking for a diffrent work around
    for it. Please let me know is there any work around for this problem.
    Regard
    Kallol
    kallol

    kallol,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at
    http://support.novell.com.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • GPG-AGENT "ignoring" pinentry program? wrong pinentry app for ssh-keys

    Hi!
    I am using gpg-agent to handle my gpg keys and wanted it to handle my ssh keys too, since it is running anyway.
    it works perfectly fine with gpg keys, my pinentry program is pinentry-qt4 , upon request that window pops up for me to enter my passphrase.
    as window manager i use awesome wm.
    however, when i try to use my ssh key, e.g. for github, no pinentry program pops up and in xterm it looks like:
    [me@mybox dotfiles]$ git push origin master
    it seems that is is waiting for my passphrase input but it isnt asking for it. neither does it accept it.
    when i quit my WM, i see that it executed the pinentry program directly in my tty1, to which i do not have access while running my WM.
    my gpg-agent.conf:
    me@mybox ~/.gnupg> cat gpg-agent.conf
    default-cache-ttl 300
    max-cache-ttl 7200
    pinentry-program /usr/bin/pinentry-qt4
    how do i get gpg-agent to respect my pinentry choice for my ssh keys as well?
    thanks for your time !

    I use this
    $ cat /etc/kde/env/gpg-agent-startup.sh
    #!/bin/sh
    # see https://wiki.archlinux.org/index.php/SSH_Keys
    GPG_AGENT=/usr/bin/gpg-agent
    ## Run gpg-agent only if not already running, and available
    if [ -x "${GPG_AGENT}" ] ; then
    # check validity of GPG_SOCKET (in case of session crash)
    GPG_AGENT_INFO_FILE=${HOME}/.gpg-agent-info
    if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
    GPG_AGENT_PID=`cat ${GPG_AGENT_INFO_FILE} | grep GPG_AGENT_INFO | cut -f2 -d:`
    GPG_PID_NAME=`cat /proc/${GPG_AGENT_PID}/comm`
    if [ ! "x${GPG_PID_NAME}" = "xgpg-agent" ]; then
    rm -f "${GPG_AGENT_INFO_FILE}" 2>&1 >/dev/null
    else
    GPG_SOCKET=`cat "${GPG_AGENT_INFO_FILE}" | grep GPG_AGENT_INFO | cut -f1 -d: | cut -f2 -d=`
    if ! test -S "${GPG_SOCKET}" -a -O "${GPG_SOCKET}" ; then
    rm -f "${GPG_AGENT_INFO_FILE}" 2>&1 >/dev/null
    fi
    fi
    unset GPG_AGENT_PID GPG_SOCKET GPG_PID_NAME SSH_AUTH_SOCK
    fi
    if [ -f "${GPG_AGENT_INFO_FILE}" ]; then
    eval "$(cat "${GPG_AGENT_INFO_FILE}")"
    eval "$(cut -d= -f 1 "${GPG_AGENT_INFO_FILE}" | xargs echo export)"
    export GPG_TTY=$(tty)
    else
    eval "$(${GPG_AGENT} -s --enable-ssh-support --daemon --pinentry-program /usr/bin/pinentry-qt4 --write-env-file)"
    fi
    fi
    I think I could probably use the /etc/profile.d location but when I first set it up, kde was already running gpg-agent so I adapted its file. Later, I uninstalled the thing which does that in kde and just kept my own customised version.
    Are you sure that your xinitrc isn't starting a second gpg-agent?

  • 4507R+E with "k9" type IOS cannot use "crypto key generate rsa" command

    Hi all,
    We just upgraded the IOS on our SUP7L-E supervisor in a 4507R+E from a non-k9 (crypto) image to a k9 (crypto) image so we could use SSH to manage it. The specific image we are using is: cat4500e-universalk9.SPA.03.04.04.SG.151-2.SG4.bin. We also have a pair of 2960CG-8TS-L's that are running on: c2960c405ex-universalk9-mz.152-2.E.bin. We have given the devices new hostnames and specified a domain according to instructions.
    Our problem seems to be that we cannot use the "crypto key generate rsa" command to generate the keys we need to use SSH. We use this command all the time on our other 2960 and 4510 switches with no problems. We can issue other "crypto" commands but just cant generate the keys. Has anyone else experienced/fixed this problem? <!--break-->

    Switch#crypto key generate rsa modulus ?
    <360-4096> size of the key modulus [360-4096]
    I am running IOS version 3.5.3E and I can regenerate the key using the command "crypto key generate rsa modulus" command.

  • Any easy way to generate unique primary key for database table?

    I'm currently playing with the J2EE reference implementation from Sun which comes with the IBM Cloudscape database. This Cloudscape database supports the use of an AutoIncrement field.
    First question: Can I use CMP and assume that the database will generate a proper key for me? Anyone tried it out successfully before?
    Also, based on what I've heard so far, it seems that generating database primary key is not really well-supported by J2EE using CMP in that a lot of J2EE developers have to resort to workarounds like using a session bean, JDBC and (1) some seed numbers for ID implanted in the database itself (as in the J2EE tutorial DukesBankApp example) or (2) using the SQL MAX aggregation command + 1. Usign seed number is contradictory to good database design and using MAX is dangerous for heavy traffic application if 2 beans try to insert themselves into the database at the same time (synchronizarion problem).
    Anyway I find it dumb that we still have to go back to JDBC and SQL which was the reason why the concept Entity Bean was introduced; to make database persistence transparent! Now it seems that J2EE makes it worse and more troublesome than before.
    Second Question: Is there any easy (hopefully transparent/automatic) way of generating primary key ID?

    if you want to rely on your container or database then go hard, will probably be faster.
    to make a cross container/db soln I used a CMP Entity bean called Sequence with one field for uid
    I use one instance and increment the field each time.
    To do the logic, I have a utils class with static method, no need for session bean overhead
    I reckon this approach is OK considering all things

  • For UFT 12.5 trail version, where to put Locking ID in HP License Portal and generate License Key?

    I tried installing UFT 12.5 version. While launching UFT, it was asking me to generate License Key file. In the License portal->Activation->Certificates tab, when I put Locking ID and searched, it was throwing "No activation certificates were found for the search criteria you entered. Please search again." error message. Please help.

    I am not able to post any queries in this site: http://h30499.www3.hp.com/t5/Functional-Testing-QTP-Support/tkb-p/sws-Fun_TEST_SF%40tkb Please help.

Maybe you are looking for