Doing what Pete/casanvep

g.lafreniere · ‎06-27-2013

Looking for some help with an issue,

I have two ASR 1002 Routers, One I can use PUTTY and SSH into just fine, the other gives me an error message "Server's host key did not match the signature supplied". Can anyone tell me how to resolve this? I have tried the obvious, which is re-generating another key and also generating a 1024 bit RSA key, and also re-loading the router itself. Can't seem to get around this problem, I can console in and everything looks just fine. Any ideas folks? Thanks for any assitance.

Greg

Chris McGarrah · ‎06-28-2013

Have you deleted the Putty host key entry in the Windows registry for this device ?

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys

Not sure if that's what you meant when you said "re-generating another key"

g.lafreniere · ‎06-28-2013

No, when I say re-generating another key I meant I just did a "crypto key generate RSA" command to get a new crypto key. Could the fact that I'm using this router in an HSRP configuration be a factor? This router is the backup router that I can't SSH to, I can SSH to the primary just fine. Thanks.

Chris McGarrah · ‎06-28-2013

You probably have an old host key for the router cached in the registry.

I would go to that location in the windows registry and delete the entry for your secondary router and then try to SSH again. You should be presented with the new host key and asked if you want to cache it. Click Yes and you should be all set.

lbushman1 · ‎06-29-2015

I had this same problem on a new 4331 ISR I was configuring last week. It happened when I downgraded to a different version IOS XE (3.13.3 --> 3.13.2). If I changed back to the 3.13.3 version, the problem went away. I looked in the registry and deleted the key, but it didn't make any difference. I tried to ssh from a different computer (had never connected to that ISR before) and experienced the same problem. I'm starting to think this might be a bug.

Anyone have any luck with an actual solution to this? I did the "crypto key generate rsa..." command, but there was no change.

Paul McGurn · ‎07-01-2015

I just hit this in 3.15.0 as well. I upgraded to the 3.15.1S build, and it's no longer an issue. Definitely a bug.

casanavep · ‎07-08-2015

Seeing this on a 4331 running 03.15.01.S too (released 25-Jun-15). I need this OS for a module installed..... but, found a work around on another forum post; so, life's good:

add the following into your global config and test:

crypto key generate rsa modulus 2048 label test_key

ip ssh rsa keypair-name test_key

Good luck all!

Pete

brianrayne · ‎07-24-2015

I ran into this problem on our 4331 that's running 03.14.00.S. Thank you for this workaround, it allowed me to get it set up for SSH access.

lubkenmsd · ‎12-28-2015

I have 2x 4331 both running 03.15.02.S - one had the bug, the other didn't. Very strange. Adding the two lines above from Pete solved it on the buggy one. Thanks Pete!

Jimmy Cricket · ‎01-27-2016

Doing what Pete/casanvep suggested worked for me as well. I was doing my initial config via console and a previous individual had done some basic configuration, including hostname. I changed that and then setup networking to permit SSH and noticed the error in the title.

I am running a ISR4431 with version 3.15.02.S and it appears it doesn't probably reset the local SSH key / server setup just by doing a key regen.

Abid Abdul Latif · ‎04-19-2016

Thanks it worked

schwa · ‎09-12-2016

I ran into this same issue on version 15.5(2), and this workaround fixed it. Thanks!

saifbakht-ansari · ‎02-23-2017

Worked for me running Version 03.15.01c.S on 4451..Thanks!!

willgomz · ‎08-17-2017

Worked like a charm. Thank you. running version :isr4300-universalk9.03.15.03.S.155-2.S3-std

Will need to schedule a change control to upgrade that code.

anluarsa11 · ‎10-04-2017

Your hint worked perfectly for me.

Thank you very much!!!

SSH Putty "Server's host key did not match the signature supplied"