I am moving from telnet to SSH remote access for all of my Cisco routers and switches. According to Cisco, with the latest IOS, the ip ssh rsa keypair-name command allows the user to specify the rsa key that is used for SSH connection. Previously, SSH was linked to the first RSA keys that were generated; so there is no way to know which key is used for SSH connection. My questions are:
- What is the security implication if I let the SSH connection linked to the default RSA key?
- What is the advantage to link the SSH connection to a known rsa key?