Cannot enable SSH on 4331

abngroupit
Level 1

Hi there, I'm having a few issues enabling SSH on one of our 4331 ISR routers.

 

ABN_WAN1_4330(config)#do sh ip ssh
SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE

 

However I have generated a key - Key label is SSH as shown here:

 

ABN_WAN1_4330#sh crypto key mypubkey all
% Key pair was generated at: 18:19:04 WST Aug 16 2018
Key name: CISCO_IDEVID_SUDI
Key type: RSA KEYS
On Cryptographic Device: act2 (label=act2, key index=24)
Usage: General Purpose Key
Key is not exportable.
Key Data:
% Key pair was generated at: 15:20:56 WST Oct 28 2019
Key name: SSH
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable. Redundancy enabled.
Key Data:

 

I have also enabled

ip ssh version 2 

in the running configuration. Any ideas gratefully received!

 

running version:

Cisco IOS XE Software, Version 03.16.07b.S - Extended Support Release

 

 

Accepted Solutions

Have you assigned your labeled key to the SSH-config?

Here is a guide that I wrote some time ago:

https://community.cisco.com/t5/security-documents/guide-to-better-ssh-security/ta-p/3133344


5 Replies

Hello,

 

Try and zeroize the RSA key, then enter a new one:

 

crypto key zeroize rsa

 

Obviously, check if you have a domain name and a hostname configured on your router...

kapydan88
Level 4

Do you use npe ios or normal?

 

sh ver pls

Thanks Karsten! For some reason I had to specify the SSH RSA keypair on this router. Our 30 other routers didn't need this step or it happened automatically when the key was created. Thanks for the guide - very useful and it's now in my bookmarks :-)

I had a similar issue and the issue got fixed by generating the SSH key per the instructions above. Thanks Karsten
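The condition this thread converged on (a labeled RSA key exists, but SSH stays disabled until that key is assigned to SSH), as an added example that is not part of the original posts: a Python check over captured `show` output that reports the state and the config line to apply. The sample strings are constructed and abbreviated from the output format shown above; the function name `diagnose`, the finding names, and the choice to skip `CISCO_IDEVID_SUDI` are assumptions.

```python
import re

# Constructed samples, abbreviated from the output format shown in the thread.
SHOW_IP_SSH = """SSH Disabled - version 2.0
%Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
IOS Keys in SECSH format(ssh-rsa, base64 encoded): NONE
"""
SHOW_KEYS = """% Key pair was generated at: 18:19:04 WST Aug 16 2018
Key name: CISCO_IDEVID_SUDI
Key type: RSA KEYS
% Key pair was generated at: 15:20:56 WST Oct 28 2019
Key name: SSH
Key type: RSA KEYS
"""
RUNNING_CONFIG = "hostname ABN_WAN1_4330\nip ssh version 2\n"

# Assumption: the built-in device-identity key is never the SSH host key.
IGNORED_KEYS = {"CISCO_IDEVID_SUDI"}


def diagnose(show_ip_ssh, show_keys, running_config):
    """Return (finding, suggested_config_line_or_None) for one router."""
    enabled = show_ip_ssh.lstrip().startswith("SSH Enabled")
    # Labels of user-generated RSA key pairs, in the order the router lists them.
    labels = [k for k in re.findall(r"^Key name:\s*(\S+)", show_keys, re.M)
              if k not in IGNORED_KEYS]
    # Which key pair, if any, the config assigns to SSH.
    bound = re.search(r"^ip ssh rsa keypair-name\s+(\S+)", running_config, re.M)
    if enabled:
        return ("ssh-enabled", None)
    if not labels:
        return ("no-rsa-key", None)  # generate a key pair first
    if bound and bound.group(1) not in labels:
        # Config points at a label that no longer exists on the device.
        return ("bound-to-missing-key", f"ip ssh rsa keypair-name {labels[0]}")
    if not bound:
        # The case in this thread: key "SSH" exists but was never assigned.
        return ("key-not-bound", f"ip ssh rsa keypair-name {labels[0]}")
    # Key is assigned and present; look elsewhere (e.g. the 768-bit minimum).
    return ("bound-but-disabled", None)


if __name__ == "__main__":
    print(diagnose(SHOW_IP_SSH, SHOW_KEYS, RUNNING_CONFIG))
```

Run against saved output from each router, this separates devices that need the keypair assignment from those with no usable key at all.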
