Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4912
Views
5
Helpful
2
Replies

SSH Still Working after Hostname change???

Go to solution
David_Mitchell
Level 1
Level 1

‎01-09-2014 01:07 AM - edited ‎02-21-2020 05:04 AM

Hi all,

I was under the impression (from past experiences) that SSH self-signed certificates are made up of the Hostname and the Domain Name of the router.

I have been working on a customer network and I can see that the SSH RSA certificate is using the old hostname of the device+domain name but SSH still works both inbound and outbound on the VTY lines!

I thought you had to zeroize the keys and recreate using the crypto key generate rsa command in order to continue to use SSH after a hostname change so that the new certificate contains the new hostname?

Any explanation would be greately appreciated

Many thanks

David

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Carlo Poggiarelli
VIP
VIP

‎01-09-2014 01:13 AM

Hi David.

Yes after changing router parameter such as Hostname, domain name SSH still works with the old certificate.

What i can suggest you is to recreate it through crypto key generate rsa command in configuration mode.

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"

View solution in original post

2 Replies 2

Go to solution
Carlo Poggiarelli
VIP
VIP

‎01-09-2014 01:13 AM

Hi David.

Yes after changing router parameter such as Hostname, domain name SSH still works with the old certificate.

What i can suggest you is to recreate it through crypto key generate rsa command in configuration mode.

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"

Go to solution
David_Mitchell
Level 1
Level 1
In response to Carlo Poggiarelli

‎01-09-2014 02:59 AM

Thanks for confirming Carlo, this had to be the case as I am seeing it work with old certificate but I just needed to check as I thought in the past I had to re-generate the cert first.  Thanks again

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card