
ASA SSH issue, RSA key may be corrupted?

XIE YAO
Level 1

Hi Expert,

I recently came across an issue at a client: every time the ASA reboots, SSH will not work.

It looks very likely that the private key is corrupted, as I have to zeroize the old key and regenerate a new one. Any idea why this is happening?

SSH session from x.x.x.x on interface outside for user "" disconnected by SSH server, reason: "Internal error" (0x00)

Regards

Jack

5 Replies

Vibhor Amrodia
Cisco Employee

Hi,

I think this might be related to corrupt flash; otherwise I don't think the keys should be getting corrupted after a reload of the ASA device.

Try an fsck flash and see if that throws any errors?

Thanks and Regards,

Vibhor Amrodia

Actually, this is what I couldn't figure out: why can't I seem to find any key under flash/disk0? Is it by design that the key can't be easily found?

Marvin Rhoads
Hall of Fame

I seem to recall a bug around this issue. What version of ASA software are you running?

8.2.5, without any interim hotfix

Can you verify you have

aaa authentication ssh console LOCAL

...set?

You might also try "debug ip ssh" and/or also look at a packet trace from your client when trying to connect. They may give a more useful and precise error message.

Re your other question - yes the RSA key is not shown in a filesystem directory. 
