Generate RSA key on XR in VIRL on Boot

sihart · ‎03-22-2017

Hi All,

I currently use the following EEM script to generate an RSA key on bootup of an IOS image in VIRL

event manager session cli username "cisco"

event manager applet EEM_SSH_Keygen authorization bypass

event syslog pattern "SYS-5-RESTART"

action 0.0 info type routername

action 0.1 set status "none"

action 1.0 cli command "enable"

action 2.0 cli command "show ip ssh | include ^SSH"

action 2.1 regexp "([ED][^ ]+)" "$_cli_result" result status

action 2.2 syslog priority informational msg "SSH is currently $status"

action 3.0 if $status eq "Disabled"

action 3.1 cli command "configure terminal"

action 3.2 cli command "crypto key generate rsa gen modulus 1024"

action 3.3 cli command "end"

action 3.4 cli command "write mem"

action 3.5 syslog priority informational msg "SSH keys generated by EEM."

action 4.0 end

!

end

I am interested if anyone has created something similar for XR. XR does not support EEM applets, therefore the only way I can see of achieving this is through TCL. If someone has created such a TCL script could they share.

This would be really useful as Keys cannot be saved on reboot (no NVRAM in VIRL).

Thanks

Geevarghese Cheria · ‎06-09-2017

Hi Sihart,

Apologies for the delay in responding to you, Hope you have got the issue resolved. If not please post you question on the new space - https://learningnetwork.cisco.com/groups/virl

it is possible using EEM Applet for generating RSA and Work is underway to bring EEM cross-platform in a consistent way.

You can use the converter tool at http://www.marcuscom.com/convert_applet to convert an EEM applet to a corresponding Tcl policy. The resulting policy should work on XR.

Please Refer this url for more info - https://supportforums.cisco.com/discussion/12709366/eem-tcl-script-ios-xr

Thanks and Regards,

Geevarghese