Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1201
Views
0
Helpful
5
Replies

Delete cached SSH server key in FXOS

Go to solution
a12288
Level 3
Level 3

‎07-02-2024 01:30 PM

We are using SCP to backup FXOS config and recently upgraded the SCP server from RHEL7 to RHEL9 but managed to retain the same IP address. I got the following error message when doing the SCP back up.

"Host key has changed for the remote server. Clear the cached host key and retry#"

I have not found out a way to delete the server host key in FXOS "CLI", unlike FTD I can use expert mode to enter the OS level. Has anyone done this before? Thanks.

Leo

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-03-2024 08:31 AM

For the fxos ssh server-key, you can delete is as documented below:

firepower # scope system
firepower /system # scope services
firepower /system/services # delete ssh-server host-key
firepower /system/services* # commit-buffer
firepower /system/services # show ssh-server host-key
Host Key Size: 2048
Deleted: Yes
firepower /system/services #

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/CLI_Reference_Guide/b_FXOS_CLI_reference/b_CLI_reference_chapter_010000.html?bookSearch=true#wp3811640616

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame

‎07-03-2024 12:22 AM

 

  - This bug report is not for your case https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd87892
     but check it out for additional insights , 

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-03-2024 08:31 AM

For the fxos ssh server-key, you can delete is as documented below:

firepower # scope system
firepower /system # scope services
firepower /system/services # delete ssh-server host-key
firepower /system/services* # commit-buffer
firepower /system/services # show ssh-server host-key
Host Key Size: 2048
Deleted: Yes
firepower /system/services #

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/CLI_Reference_Guide/b_FXOS_CLI_reference/b_CLI_reference_chapter_010000.html?bookSearch=true#wp3811640616

0 Helpful

Go to solution
a12288
Level 3
Level 3
In response to Marvin Rhoads

‎07-03-2024 01:25 PM

Thanks, Marvin.

I read cross this section before but thought it was for the FXOS itself so I just missed it.

Leo

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to a12288

‎07-03-2024 08:40 PM

Yes that command is for the FXOS itself. I wasn't sure which you needed to clear/update. You may need to open a TAC case if you need to clear the SCP server host key from FXOS as it does not appear to be publicly documented (as far as I can tell).

0 Helpful

Go to solution
a12288
Level 3
Level 3
In response to Marvin Rhoads

‎07-05-2024 02:19 PM

Can I re-generate FXOS host-key via GUI? I did not create them after I delete the old key so now I am able to SSH to FXOS. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card