When crypto key generate RSA is run it creates a Pair of RSA keys (certificates?); one public and one private key.
How does the client (secure crt, putty, etc.) and router or switch verify each others keys as valid?
The keys are generated locally on the router so I don't believe any external CA is able to verify the keys. Do they just trust each others key as valid and go ahead and make an SSH tunnel to encrypt their communication? Assuming that there is no harm in doing that because a valid router username and password is still required to enter the router or switch?