Can I regenerate the rsa key for SSH access to a Cisco router? Or should I completely erase the SSH config?

Solution 1

Run show crypto key mypubkey rsa to see if you do, in fact, have a key fully generated and registered under a non-default name. If there is one, then you can tell the ssh process to use this key with ip ssh rsa keypair-name xxx. If the first command doesn't show anything useful, then I'd say you can go ahead and generate a new key.

You don't list your complete ssh configuration, so it's hard to know what to remove. Try sh run | inc ssh to see what's in there. In general ssh will start to work as soon as the process has a valid key. Remember that you may need to add authentication and, possibly, vty configuration if they aren't in place.

Solution 2

You could clear the previous key with the following command.

cisco(config)# crypto key zeroize rsa

Then sanitise the vty lines.

Simple SSH Config

cisco(config)# hostname <name>
cisco(config)# ip domain-name <domain>
cisco(config)# crypto key generate rsa
cisco(config)# ip ssh version 2
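Putting both answers together, here is an added example (not from either answer) of a complete, SSH-only configuration that uses a dedicated named key, so the SSH key is kept separate from the key the self-signed trustpoint references. The key label SSH-KEY, the 2048-bit modulus, the user admin and the angle-bracket placeholders are assumptions; older IOS on a 2691 may cap the modulus lower.

```cisco
! Added example: minimal hardened SSH setup with a named RSA key.
! Placeholders: <name>, <domain>, <strong-password>, SSH-KEY, admin, modulus 2048.
hostname <name>
ip domain-name <domain>
!
! Generate a key with its own label. Note that "crypto key zeroize rsa"
! with no label removes ALL RSA keys, including the trustpoint's rsakeypair,
! so prefer generating/zeroizing by label.
crypto key generate rsa label SSH-KEY modulus 2048
!
! Point the SSH server at that key and require protocol version 2.
ip ssh rsa keypair-name SSH-KEY
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Local account for SSH logins; "secret" stores a hashed password.
username admin privilege 15 secret <strong-password>
!
! vty lines: local login, SSH only (telnet no longer accepted).
line vty 0 4
 login local
 transport input ssh
!
! Verify afterwards (from the page's own checks):
!   show ip ssh
!   show crypto key mypubkey rsa
```

Keep the existing telnet session open until a fresh SSH login has been confirmed, since "transport input ssh" cuts off telnet as soon as it is applied.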

Author: JoshP

Updated on September 18, 2022

Comments

  • JoshP
    JoshP over 1 year

    I have a production 2691 that I administer via telnet. I'd like to change that to SSH. Looking at the config, it looks like there have been keys generated in the past. I think the history here is SSH was set up, they had issues connecting, and fell back to telnet.

    There are a number of crypto entries, including the following:

    crypto pki trustpoint Gateway-2691.xxx.com
     enrollment selfsigned
     subject-name cn=IOS-Gateway-2691.xxx.com
     revocation-check none
     rsakeypair Gateway-2691.xxx.com
    

    I've also got this going...

    Gateway-2691#sh ip ssh
    SSH Disabled - version 1.99
    %Please create RSA keys (of atleast 768 bits size) to enable SSH v2.
    Authentication timeout: 120 secs; Authentication retries: 3
    Gateway-2691#
    

    My question is simply, can I run crypto key generate rsa again to set it up again?

    Is there a way to negate or no all of the previous ssh config so that I can start fresh there?

    I may be asking the wrong questions, as I'm learning here. As for the SSH how-to, I'm sure I can find information in many places. I'm just basically wondering if I need to start fresh, or if I can pick up where the last attempt at SSH config left off.

  • JoshP
    JoshP over 11 years
    Thanks very much for your help. Nothing showed up running your show cmd there, so I created a new key. ssh up and running now :)