Looking for some help with an issue,
I have two ASR 1002 Routers, One I can use PUTTY and SSH into just fine, the other gives me an error message "Server's host key did not match the signature supplied". Can anyone tell me how to resolve this? I have tried the obvious, which is re-generating another key and also generating a 1024 bit RSA key, and also re-loading the router itself. Can't seem to get around this problem, I can console in and everything looks just fine. Any ideas folks? Thanks for any assitance.
Have you deleted the Putty host key entry in the Windows registry for this device ?
Not sure if that's what you meant when you said "re-generating another key"
No, when I say re-generating another key I meant I just did a "crypto key generate RSA" command to get a new crypto key. Could the fact that I'm using this router in an HSRP configuration be a factor? This router is the backup router that I can't SSH to, I can SSH to the primary just fine. Thanks.
You probably have an old host key for the router cached in the registry.
I would go to that location in the windows registry and delete the entry for your secondary router and then try to SSH again. You should be presented with the new host key and asked if you want to cache it. Click Yes and you should be all set.
I had this same problem on a new 4331 ISR I was configuring last week. It happened when I downgraded to a different version IOS XE (3.13.3 --> 3.13.2). If I changed back to the 3.13.3 version, the problem went away. I looked in the registry and deleted the key, but it didn't make any difference. I tried to ssh from a different computer (had never connected to that ISR before) and experienced the same problem. I'm starting to think this might be a bug.
Anyone have any luck with an actual solution to this? I did the "crypto key generate rsa..." command, but there was no change.
Seeing this on a 4331 running 03.15.01.S too (released 25-Jun-15). I need this OS for a module installed..... but, found a work around on another forum post; so, life's good:
add the following into your global config and test:
crypto key generate rsa modulus 2048 label test_key
ip ssh rsa keypair-name test_key
Good luck all!
I ran into this problem on our 4331 that's running 03.14.00.S. Thank you for this workaround, it allowed me to get it set up for SSH access.
I have 2x 4331 both running 03.15.02.S - one had the bug, the other didn't. Very strange. Adding the two lines above from Pete solved it on the buggy one. Thanks Pete!
Doing what Pete/casanvep suggested worked for me as well. I was doing my initial config via console and a previous individual had done some basic configuration, including hostname. I changed that and then setup networking to permit SSH and noticed the error in the title.
I am running a ISR4431 with version 3.15.02.S and it appears it doesn't probably reset the local SSH key / server setup just by doing a key regen.
Worked like a charm. Thank you. running version :isr4300-universalk9.03.15.03.S.155-2.S3-std
Will need to schedule a change control to upgrade that code.