05-25-2006 11:02 AM
I have cleared the keys (crypto key zeroise rsa) but can't get the new one generated. I can't get this complete so I can then SSH into the box. When I give the generate command (crypto key gen rsa gen mod 1024) it says it does it, but I can't find it.
TFYH
-Steve
05-25-2006 05:55 PM
Did you "ca save all" and "write memory"?
05-26-2006 03:55 AM
wr mem on many occasions. No such command as a "ca save all" in this IOS (3845 router running 12.3)
S.
05-26-2006 09:29 AM
Never mind "ca save all". It's a PIX command. So "show crypto key mypubkey rsa" shows nothing?
05-26-2006 11:44 AM
I can in fact see the key here, but I normally expect them to show up when doing a show run. Nothing there.
05-26-2006 10:09 AM
What do you get for output when you enter "sho cry key mypub rsa"?
05-30-2006 03:41 AM
MIACIS1#sh crypto key mypubkey rsa
% Key pair was generated at: 15:03:37 EDT May 25 2006
Key name: MIACIS1.miami
Usage: General Purpose Key
Key is not exportable.
Key Data:
Lots of hex
% Key pair was generated at: 07:26:52 EDT May 30 2006
Key name: MIACIS1.miami.server
Usage: Encryption Key
Key is not exportable.
Key Data:
Lots more hex.. I won't bore you.
MIACIS1#
05-30-2006 06:28 AM
Normally the key pairs do not show up in the 'sho run' command. The only way to view them is with the "sh crypto key mypubkey rsa". So it appears all is working according to plan.
Do you have a connection issue? Can you connect using some SSH terminal program (PuTTY)?
After you make a connection, you will see a third key. Its date/time will change as it's the last negotiated encryption key from the last SSH session. For instance:
CRPDRVMR3#sh crypto key mypubkey rsa
% Key pair was generated at: 08:47:46 EDT May 18 2006
Key name: HTTPS_SS_CERT_KEYPAIR
Usage: General Purpose Key
Key is not exportable.
Key Data:
[Hex Data]
% Key pair was generated at: 12:35:38 EDT May 18 2006
Key name: CRPDRVMR3.cswg.com
Usage: General Purpose Key
Key is not exportable.
Key Data:
[Hex Data]
% Key pair was generated at: 09:22:41 EDT May 30 2006
Key name: CRPDRVMR3.cswg.com.server
Usage: Encryption Key
Key is not exportable.
Key Data:
[Hex Data]
CRPDRVMR3#
HTH and if so, please rate.
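Added example, not part of any post in this thread: a small Python parser for "show crypto key mypubkey rsa" output, for confirming from a saved capture that a named key pair exists, since the key pairs are not listed in 'sho run'. The hostname R1.example.com and the sample text are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the output format shown in the thread; key data is a placeholder.
SAMPLE = """\
R1#sh crypto key mypubkey rsa
% Key pair was generated at: 08:47:46 EDT May 18 2006
Key name: R1.example.com
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  [Hex Data]
% Key pair was generated at: 09:22:41 EDT May 30 2006
Key name: R1.example.com.server
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  [Hex Data]
R1#
"""

GENERATED = re.compile(r"^% Key pair was generated at:\s*(.+?)\s*$")
FIELD = re.compile(r"^\s*(Key name|Usage):\s*(.+?)\s*$")

def parse_keypairs(text):
    """Return one dict per key pair: generated, name, usage, exportable."""
    pairs = []
    for line in text.splitlines():
        m = GENERATED.match(line)
        if m:  # each '% Key pair was generated at:' line starts a new record
            pairs.append({"generated": m.group(1), "name": None, "usage": None, "exportable": None})
            continue
        f = FIELD.match(line)
        if f and pairs:
            pairs[-1]["name" if f.group(1) == "Key name" else "usage"] = f.group(2)
        elif pairs and line.strip().startswith("Key is"):
            pairs[-1]["exportable"] = "not exportable" not in line
    return pairs

def persistent_keypairs(pairs):
    """Drop the '<name>.server' Encryption Key entry, which the thread says changes between sessions."""
    return [p for p in pairs if not (p["name"] or "").endswith(".server")]

def has_keypair(text, name):
    """True if a non-'.server' key pair with exactly this name is present in the capture."""
    return any(p["name"] == name for p in persistent_keypairs(parse_keypairs(text)))
```

Run has_keypair() against the saved command output with the router's hostname.domain as the name; an empty capture or one holding only a ".server" entry returns False.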
05-28-2006 10:39 AM
A lot will depend on the platform.
The trick to a 7200, for me, was:
crypto key ge rsa usage-keys label [hostname]
On one platform, I had to use:
ip ssh rsa keypair-name [hostname]
but I was in a big hurry, so that was anecdotal at best.
On some older platforms, I found that the ssh string from the routers and switches I was using to test with was also important. One example is:
ssh -o numberofpasswordprompts 2 -c 3des -l [username] [IP address]
Login local and a username / password were required on the router. This is probably not the issue, but I thought it worth mentioning.
Hope that helps.