Why does cisco IOS require domain-name to be set before SSH keys can be generated?

Posted by Daniel Papasian on Stack Overflow See other posts from Stack Overflow or by Daniel Papasian
Published on 2008-09-18T14:40:55Z Indexed on 2010/06/08 4:32 UTC
Read the original article Hit count: 212

Filed under:
|

Is there a technical reason why IOS requires the device's domain-name to be set (via ip domain-name) before an SSH key can be generated? Is the domain-name used in any way in the generation of the key?

Is there any way to force the generation of a key before the domain name is set?

UPDATE: Myself (before I posted this question) and others in your answer seem to think it may be used as either a salt or a source of entropy for the key. Wouldn't the domain-name be very predictable? This doesn't seem like a suitable source of entropy.

© Stack Overflow or respective owner

Related posts about ssh

Related posts about cisco-ios