SSH without ip domain name

marzi · ‎04-30-2023

Hi all

Recently I've configured a two different model of Cisco 9300 family devices:

C9300L-24UXG-4X-A with release Bengaluru 17.06.04

C9300L-24P-4X-E with release Cupertino 17.07.01.

On both, I've not configured ip domain-name abc.cde.com and I've not delpoyed a crypto key generate rsa command,

I've only enabled transport input ssh under vty line.

Then I've connected my PC to a switch port (same mgmt subnet ) and SSH works without ip domain-name.

Now the question is : Why does it works ? shouldn't it

I do not understand Hay something I do not know?

Thanks

Fabrizio

MHM Cisco World · ‎04-30-2023

Domain name is need for SW not for PC'

It need for SW for rsa key

So you can ssh to SW even if you dont config domain name in PC.

Flavio Miranda · ‎04-30-2023

Hi

The hostname and domain name is used when the router is generating the Keys. As you can see below

% Key pair was generated at: 15:24:55 UTC Sep 15 2019
Key name: Router-01.mylab.local
Key type: RSA KEYS

If you do not generate the Keys, router will not complain, although ssh will work just fine as you could prove.

And it is possible to generate the key without the domain name with

Router(config)#crypto key generate rsa modulus 1024 label BLUENETSEC

ammahend · ‎04-30-2023

Probably it’s using general purpose self signed cert, as far as I know these keys are unexportable, else you can use OpenSSL to calculate the fingerprint and compare it to what you were promoted when you SSH to device.

-hope this helps-