cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1917
Views
0
Helpful
5
Replies

ASA SSH issue, RSA key may be corrupted?

XIE YAO
Level 1
Level 1

Hi Expert,

Recently came across one issue on client that every time ASA reboots, SSH will not work.

It looks very likely that private key seems corrupted as I have to zeroize the old key and regenerate a new one, any idea why this is happening?

 

SSH session from x.x.x.x on interface outside for user "" disconnected by SSH server, reason: "Internal error" (0x00)

 

Regards

Jack

5 Replies 5

Vibhor Amrodia
Cisco Employee
Cisco Employee

Hi,

I think this might be related to the corrupt flash otherwise i don't think this should be corrupting the keys after the reloading of the ASA device.

Try an fsck flash and see if that throws any errors ?

Thanks and Regards,

Vibhor Amrodia

Actually, this was what I didn't figure out, why I can't seems to find any key under flash/disk0? is this by design that the key can't be easily found?

 

Marvin Rhoads
Hall of Fame
Hall of Fame

I seem to recall a bug around this issue. What version of ASA software are you running?

8.2.5, without any interim hotfix

Can you verify you have

aaa authentication ssh console LOCAL

...set?

You might also try "debug ip ssh" and/or also look at a packet trace from your client when trying to connect. They may give a more useful and precise error message.

Re your other question - yes the RSA key is not shown in a filesystem directory. 

Review Cisco Networking for a $25 gift card