04-29-2019 10:19 PM
Hi,
I'm setup an asr9010, but cannot ssh to it and cannot use "crypto key gen rsa" command. Please kindly help to take a look.
Every time I tried to login, the log shows "SSHD_[65713]: %SECURITY-SSHD-3-ERR_GENERAL : Failed No Host Key configured on the device "
And I tried to use "crypto key generate rsa" command but cannot find it.
The following are 2 tries looking for the "crypto key gen rsa".
1st try:
RP/0/RSP0/CPU0:asr9010#admin
RP/0/RSP0/CPU0:asr9010(admin)#crypto ?
key Long term key operations
RP/0/RSP0/CPU0:asr9010(admin)#crypto key ?
import Import Public Key
zeroize Remove keys
2nd try:
RP/0/RSP0/CPU0:asr9010#conf
RP/0/RSP0/CPU0:asr9010(config)#crypto ?
ca Certification authority
fips-mode Enable FIPS mode
gdoi Configure GDOI policy
ipsec Configure IPSEC policy
ipsec-node ipsec node global configuration
isakmp Configure isakmp Options
map Enter a crypto map
FYI, here is the show version and show install active:
show version:
asr9k-k9sec-px, V 6.4.1[Default], Cisco Systems, at disk0:asr9k-k9sec-px-6.4.1
Built on Wed Mar 28 19:26:50 PDT 2018
By iox-lnx-009 in /auto/srcarchive14/prod/6.4.1/asr9k-px/ws for pie
show install active
Secure Domain Router: Owner
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-6.4.1/0x100305/mbiasr9k-rsp3.vm
Active Packages:
disk0:asr9k-fpd-px-6.4.1
disk0:asr9k-k9sec-px-6.4.1
disk0:asr9k-mini-px-6.4.1
Node 0/RSP1/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-6.4.1/0x100305/mbiasr9k-rsp3.vm
Active Packages:
disk0:asr9k-fpd-px-6.4.1
disk0:asr9k-k9sec-px-6.4.1
disk0:asr9k-mini-px-6.4.1
Node 0/0/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-6.4.1/lc/mbiasr9k-lc.vm
Active Packages:
disk0:asr9k-k9sec-px-6.4.1
disk0:asr9k-mini-px-6.4.1
Node 0/1/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-6.4.1/lc/mbiasr9k-lc.vm
Active Packages:
disk0:asr9k-k9sec-px-6.4.1
disk0:asr9k-mini-px-6.4.1
Solved! Go to Solution.
05-01-2019 05:49 PM
This issue has been fixed finally.
The root cause is, the configuration step in Cisco's document is someway not correct. The "crypto key generate rsa" command is under exec mode BUT NOT configure mode.
Here is the Cisco's document:
04-30-2019 01:11 AM
04-30-2019 12:38 PM
Hi Mark,
Thanks for your help, but commands in both step 5 and 6 are missing in the asr9010.
I did some research but only found nothing but "crypto key generate" requires k9 package. However, the k9sec package has been activated already as shown above.
04-30-2019 02:02 PM
04-30-2019 06:36 PM
05-01-2019 12:53 AM
05-01-2019 12:35 PM
Thanks Mark,
I didn't find any license request for the SSH, and I will schedule a maintenance window to upgrade or downgrade the IOS-XR and see if that works.
05-01-2019 05:49 PM
This issue has been fixed finally.
The root cause is, the configuration step in Cisco's document is someway not correct. The "crypto key generate rsa" command is under exec mode BUT NOT configure mode.
Here is the Cisco's document:
05-02-2019 01:10 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide