Ex-factory, all LCOS-based devices with an LCOS version earlier than 8.84 are equipped with a default set of cryptographic keys that are represented by the following fingerprints:
SSH
ssh-dss 27:c5:1d:9f:be:27:3d:50:d7:bf:c1:68:0b:18:97:d7
ssh-rsa 03:56:e6:52:ee:d2:da:f0:73:b5:df:3d:09:08:54:b7
If you have a device with LCOS 8.84 or later and you have not uploaded an individual key to the device, the internal SSH server will try to compile its own device-specific SSH keys after a configuration reset followed directly by a system restart. These include
- an SSH-2 RSA key of 2048-bit length and
- an SSH-2 DSS key of 1024-bit length (as defined in FIPS 186-2),
which the device stores as ssh_rsakey and ssh_dsakey in its internal file system.
If key generation is successful, the entry SSH: ... host key generated is entered as a note in the SYSLOG; if it fails, an entry SSH: host key generation failed, try later again with '...' is made as an alarm. If key generation fails (e.g. insufficient entropy), the device falls back to its factory cryptographic key.
sshkeygen -t rsa -b 2048 -f ssh_rsakey sshkeygen -t dsa -b 1024 -f ssh_dsakey