Dragon0x40 asked:
SSH and crypto key generate command

When crypto key generate rsa is run it creates a pair of RSA keys (certificates?): one public and one private key.

How do the client (Secure CRT, PuTTY, etc.) and the router or switch verify each other's keys as valid?

The keys are generated locally on the router, so I don't believe any external CA is able to verify the keys. Do they just trust each other's key as valid and go ahead and make an SSH tunnel to encrypt their communication? Assuming that there is no harm in doing that because a valid router username and password is still required to enter the router or switch?
Dragon0x40 (ASKER):
Thanks Soulja and Frabble,

Is it similar to an SSL VPN connection?

There is no IPsec with SSH, right?

The tunnel is formed when I put the IP address in Secure CRT or PuTTY; then I get a message that I have never logged in to that switch or router before, and if I continue an SSL tunnel is formed?

I have only entered "crypto key generate rsa" and then hit the enter key.
Then it prompts me for the modulus size, default of 512, but I usually change it to 1024.

But all I need is to add a host name and a domain name to the router, and I have never imported a certificate or anything.

From Cisco document:

crypto key zeroize rsa
To delete all RSA keys from your router, use the crypto key zeroize rsa command in global configuration mode.

crypto key zeroize rsa [key-pair-label]

Syntax Description
  key-pair-label    (Optional) Specifies the name of the key pair that the router will delete.

Defaults
No default behavior or values.

Command Modes
Global configuration

Command History
  Release     Modification
  11.3 T      This command was introduced.
  12.2(8)T    The key-pair-label argument was added.

Usage Guidelines
This command deletes all Rivest, Shamir, and Adleman (RSA) keys that were previously generated by your router unless you include the key-pair-label argument, which will delete only the specified RSA key pair. If you issue this command, you must also perform two additional tasks for each trustpoint that is associated with the key pair that was deleted:

• Ask the certification authority (CA) administrator to revoke your router's certificates at the CA; you must supply the challenge password you created when you originally obtained the router's certificates using the crypto ca enroll command.

• Manually remove the router's certificates from the configuration by removing the configured trustpoint (using the no crypto ca trustpoint name command).

Note: This command cannot be undone (after you save your configuration), and after RSA keys have been deleted, you cannot use certificates or the CA or participate in certificate exchanges with other IP Security (IPSec) peers unless you reconfigure CA interoperability by regenerating RSA keys, getting the CA's certificate, and requesting your own certificate again.

This command is not saved to the configuration.

Examples
The following example deletes the general-purpose RSA key pair that was previously generated for the router. After deleting the RSA key pair, the administrator contacts the CA administrator and requests that the certificate of the router be revoked. The administrator then deletes the certificate of the router from the configuration.

crypto key zeroize rsa
crypto ca certificate chain
 no certificate

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1104892
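The "never logged in to that switch before" prompt the asker describes is the client's trust-on-first-use step: the device's public host key has no CA behind it, so the SSH client shows a fingerprint of the key, asks the operator to confirm it out of band (for example against `show crypto key mypubkey rsa` on the console), and pins it in a known_hosts file; every later connection compares the presented key against the pinned one and refuses to continue on a mismatch. The Python script below is an added illustration, not code from any post in this thread or from Cisco: it builds an `ssh-rsa` public-key line from a constructed toy modulus (not a real device key), computes the SHA256 fingerprint the way `ssh-keygen -lf` prints it, and runs the known_hosts comparison that yields the unknown / match / mismatch outcomes. The host names, the toy key values and the function names are assumptions made for the example.

```python
import base64
import hashlib
import struct

# Constructed toy RSA public-key values for the demo (NOT a real device key;
# real host keys are 1024 bits or more, and the modulus here is far too small).
TOY_E = 65537
TOY_N = 0xC4F8E9E15DCADF2B


def _ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(x: int) -> bytes:
    """RFC 4251 'mpint': two's-complement big-endian, padded so it stays positive."""
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:  # high bit set -> prepend 0x00 so it is not read as negative
        b = b"\x00" + b
    return _ssh_string(b)


def encode_ssh_rsa(e: int, n: int) -> str:
    """Produce an OpenSSH public-key line: 'ssh-rsa <base64 of wire blob>'."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii")


def decode_ssh_rsa(line: str):
    """Parse an 'ssh-rsa <base64>' line back into the (e, n) pair."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa key line")
    blob = base64.b64decode(parts[1])
    fields, pos = [], 0
    while pos < len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        fields.append(blob[pos:pos + length])
        pos += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")


def fingerprint_sha256(line: str) -> str:
    """Fingerprint in the form 'ssh-keygen -lf' prints: SHA256 over the raw blob, base64, no '=' padding."""
    blob = base64.b64decode(line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_known_host(known_hosts_text: str, host: str, presented_key: str) -> str:
    """
    The client's trust-on-first-use decision for one host:
      'unknown'  - host never seen: the client shows the fingerprint and asks the user
      'match'    - pinned key equals the presented key: connect without prompting
      'MISMATCH' - pinned key differs: refuse and warn (possible interception or rekeyed device)
    """
    pinned = None
    for raw in known_hosts_text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        hosts, keytype, keydata = raw.split()[:3]
        if host in hosts.split(","):  # a known_hosts line may list several names/addresses
            pinned = keytype + " " + keydata
            break
    if pinned is None:
        return "unknown"
    return "match" if pinned == presented_key else "MISMATCH"


def demo() -> dict:
    """Walk through first contact, a repeat connection, and a changed host key."""
    router_key = encode_ssh_rsa(TOY_E, TOY_N)
    known_hosts = ""  # empty file: nothing pinned yet
    first = check_known_host(known_hosts, "router1", router_key)
    # Operator confirmed the fingerprint; the client appends the entry (constructed names).
    known_hosts += "router1,10.0.0.1 " + router_key + "\n"
    second = check_known_host(known_hosts, "router1", router_key)
    # A different key presented under the same name, e.g. after 'crypto key zeroize rsa'
    # and regeneration on the device, or by an interposed host: the client must refuse.
    other_key = encode_ssh_rsa(TOY_E, TOY_N + 2)
    third = check_known_host(known_hosts, "router1", other_key)
    return {"fingerprint": fingerprint_sha256(router_key),
            "first": first, "second": second, "third": third}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The only thing standing between the operator and an impostor on that first connection is the fingerprint comparison, which is why the prompt should be answered by checking the value against the device console rather than clicked through; once the key is pinned, a mismatch is the signal that the device was rekeyed or the session is being intercepted.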
The way SSH works is that the client presents its public key to the server. The server encrypts communication using that public key, and using it, sends its own public key back to the client. That communication can only be decrypted using the client's private key. So now the client gets the server's public key and will encrypt all future communication to the server using that public key.

Now both sides have each other's public keys and have verified that they can decrypt communication from the other side.