Error:Invalid number of bits (1024) for RSA key
Article ID: 279814
Updated On:
Products
Issue/Introduction
Restoring a backup from SGOS 6.7 to 7.3.8.1, failed with the error message "Invalid number of bits (1024) for RSA key"
Blue Coat SG#(config ssh-console)inline host-key rsa force end-XXXXXXXXXX-inline
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAIEAuXtSDFMrgfUDV4oKzBGfcbTIIVBBt9/TvPcPcRO7Pbk+9X2+WBud
QQDJB9JZbYpQkWi2gVf++vomhXTWBhw9gU8IuigHq/PlyL6GTeqoGjyDCp2LsfsBf5JAN/
uHOI0Lnm2ldBMliNmhAAAAAAEC
-----END OPENSSH PRIVATE KEY-----
end-XXXXXXXXXX--inline
% Invalid number of bits (1024) for RSA key
Environment
Release : 7.3.8.1 or above.
Component : ssh host key
Cause
In SGOS7.3, the minimum number of key bits that can be set with host-keypair is 2048, and the specification is such that it is not possible to set a 1024-bit key.
*The settings set at the time of upgrade will be carried over.
You can use 2048 bit or higher as a command option.
# (config ssh-console) create host-keypair [rsa [2048 | 3072 | 4096 ]
Resolution
If you have a 1024 bit key as backup information with SGOS7.3,
An error will occur when restoring, so if there is a 1024 bit key in the backup information,
As recommended in our manual, we recommend that you recreate it from the command.
----------------------------------------------------------
For better security, Symantec recommends that you specify a key size of 2048, 3072. or 4096 bits.
If the appliance currently has a 1024-bit RSA key configured, delete the existing key using the
# (config ssh-console) delete host-keypair rsa command and create a new key with a larger size.
----------------------------------------------------------
[How to recreate host key]
# (config ssh-console) delete host-keypair rsa
OK
# (config ssh-console) create host-keypair rsa 2048
OK
Feedback
