From SSH v1 to SSH v2

dponsdesserre
Level 1

Hello.

I have changed my RSA key from 512 to 1024 with the following:

ip domain-name <bla>

crypto key generate rsa

1024

But I am still unable to connect via SSH v2. It looks like the switch has kept the old domain name; see the message when I do the change:

"% You already have RSA keys defined named sclisgh122.lon.uk.world.socgen."

This domain name is the domain I was using before on the device, but not anymore. It looks like the device is keeping the old one for some reason.

Do I need to reload the device, or is there a way to "clear" the whole thing?

This is a 6500-E running Sup720 - 12.2(18)SXF8.

Cheers

David

3 Replies

yjdabear
VIP Alumni

1)

hostname rtr1

2)

ip domain-name mydomain.com

3) You MUST enable aaa new-model OR set "login local" under vty configuration, but not just "login"

aaa new-model

4) You MUST create a user

username sshtest password 0 sshpass

5)

crypto key generate rsa

If you had RSA keys before, you will receive a message; type yes

% You already have RSA keys defined named rtr1.mydomain.com.

% Do you really want to replace them? [yes/no]: yes

It will ask for the modulus size; 1024 is fine (it depends on your security needs)

How many bits in the modulus [512]: 1024

6) You MUST set vty access method to all OR ssh (if you choose ssh telnet will be disabled)

line vty 0 4

transport input ssh

You should first delete the old RSA key before generating a new one, with this command in global config mode:

crypto key zeroize rsa

Thanks guys, one more time!!!!!
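
The checklist from the first reply, as an added example that is not part of the original thread: a Python sketch that audits a saved running-config for steps 1-4 and 6. The sample configs and the function names are constructed for illustration.

```python
import re

# Constructed sample configs for illustration (not taken from the thread's device).
GOOD = """hostname rtr1
ip domain-name mydomain.com
aaa new-model
username sshtest password 0 sshpass
line vty 0 4
 transport input ssh
"""
BAD = """hostname rtr1
username sshtest password 0 sshpass
line vty 0 4
 login
 transport input telnet
"""

def vty_blocks(config):
    """Collect the indented sub-commands under each 'line vty' header."""
    blocks, current = [], None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = []
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current.append(line.split())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit_ssh_prereqs(config):
    """Return the checklist items (steps 1-4 and 6) the config does not satisfy."""
    def has(pattern):
        return re.search(pattern, config, re.M) is not None
    blocks = vty_blocks(config)
    login_local = bool(blocks) and all(["login", "local"] in b for b in blocks)
    ssh_allowed = bool(blocks) and all(
        any(c[:2] == ["transport", "input"] and {"ssh", "all"} & set(c[2:]) for c in b)
        for b in blocks)
    checks = [
        ("hostname", has(r"^hostname \S+")),
        ("ip domain-name", has(r"^ip domain-name \S+")),
        ("aaa new-model or login local", has(r"^aaa new-model\s*$") or login_local),
        ("username", has(r"^username \S+ ")),
        ("transport input ssh or all", ssh_allowed),
    ]
    # Step 5 (the RSA key pair) is not stored in the running-config, so it is not checked here.
    return [name for name, ok in checks if not ok]

if __name__ == "__main__":
    print(audit_ssh_prereqs(GOOD), audit_ssh_prereqs(BAD))
```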