11-23-2011 03:51 PM - edited 03-04-2019 02:23 PM
Hi, i have a switch 2960 24TC-L with c2960-lanbasek9-mz.150-1.SE.bin and SSH v1 enabled.
When i try to enable SSH v2 the swith tell me that i have to create a crypto key rsa. I generated the crypto key rsa with 1024 bits and when i try to enable the SSH v2 i receive the same message.
Solved! Go to Solution.
09-12-2023 11:09 PM
HI Peter,
I got another question. Now I was able to SSH and when I login i got a message beware of evesdropper. I know that the line VTY and aaa authentication was still there as well as the ACL. But I notice that the Crypto PKI truspoint TP Self Signed is empty. Is that normal after I removed the RSA?
09-19-2024 08:36 AM
Thanks a lot!
What worked for me was to make sure that SSH is using that particular RSA keypair using: ip ssh rsa keypair-name ssh.
02-27-2018 11:47 AM
Thanks a lot!
07-09-2020 10:44 AM
This helped me as well.
11-08-2023 05:16 AM
Hello,
Not necessary exactly the case, but similar. My case was then router did not allow to enable ssh even with keys (modulus 2048) already generated. The reason for that was unnecessary command then you do not use key pair ssh. So you may need to write the commands:
Router(config)#no ip ssh rsa keypair-name ssh
Router(config)#do crypto key zeroize
Router(config)#crypto key generate rsa general-keys modulus 2048
Router(config)#ip ssh version 2
That's it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide