
Adding SSH to Nexus 9000 series switches

John N
Level 1

I am setting up 4 new Nexus switches. I just finished adding VLANs. I understand that to add SSH you do not add it to a VTY line as on other switches but instead do a feature ssh. The steps I followed are below and I am still unable.

conf t
ssh key rsa 2048 force
feature ssh
show ssh key
copy running-config startup-config

 

I got the error below when I run a show ssh key

could not retrieve dsa key information

could not retrieve ecdsa key information

12 Replies

could not retrieve dsa key information

could not retrieve ecdsa key information

I think this is normal; SSH supports three key algorithms:

1- rsa
2- dsa
3- ecdsa

You added a key only for RSA, so the other two algorithms are missing keys.

This makes you access the Nexus via SSH using only RSA.

No problem

MHM

I am still unable to ssh in for some reason....

 

@John N What happens when you try?

   M.



-- Let everything happen to you
Beauty and terror
Just keep going
No feeling is final
Rainer Maria Rilke (1899)

It just times out. 

Debug ssh all <<- share this when you try to ssh to nexus 

MHM

Hmm, weird, there isn't a debug ssh; however, I was able to find debug ip packet protocol 22. I ran it and nothing happened, but it did accept the command, however no output.

Nothing appears.

Can you ping from the PC to the mgmt VLAN IP?

MHM

No, I am unable to even do that... so it's confusing. For this brand of Nexus it appears there is an out-of-band Mgmt 0 IP, which is different than the switch-level IP which is created on the VLANs, if I am not mistaken.

Correct, mgmt has its own VRF RIB, separate from the data RIB; that is why ping and SSH failed.

Try

1- add VLAN x to any port
2- configure an SVI for VLAN x
3- use an IP on the PC in the same subnet as VLAN x
4- connect the PC to the port assigned to VLAN x

Then try ping; if you succeed, then try SSH.

(Share result of debug if it failed)

MHM

 

@John N Check logs on the Nexus when trying to connect.

  M.




Stefan Mihajlov
Level 3

@John N  

Hi John,

On Nexus switches that output is completely normal. The system will only display information for the key types you’ve actually generated, so since you created an RSA key, the messages about DSA and ECDSA just mean those keys don’t exist — they’re not errors that prevent SSH from working. The important part is that feature ssh is enabled, the RSA key is present, and you have at least one local user with a password and role defined. As long as the management interface has IP reachability, you should be able to connect via SSH from an external host without issues.

Best regards,
Stefan Mihajlov

Mark this post as Helpful if it helped you, and Accept as Solution if it resolved your question.
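
Added example, not part of the original thread or of any poster's reply: an NX-OS console sequence that walks the checklist above (SSH feature, RSA key, local user with a role, mgmt0 reachability) and tests reachability inside the management VRF, which has its own routing table. The 192.0.2.0/24 addresses, the user name netadmin and the password placeholder are constructed assumptions.

```text
! Run from the console, since SSH is switched off briefly below.

! 1. Check the SSH prerequisites.
!    sshServer should show as enabled; an rsa key alone is enough,
!    and the dsa/ecdsa "could not retrieve" lines are informational.
show feature | include ssh
show ssh server
show ssh key
show user-account

! 2. Regenerate the RSA key only if it is missing or too short.
!    NX-OS expects the SSH feature to be disabled while keys change.
configure terminal
 no feature ssh
 ssh key rsa 2048 force
 feature ssh

! 3. Local account with a role (name and password are placeholders).
 username netadmin password <strong-password> role network-admin

! 4. Out-of-band management. mgmt0 belongs to the "management" VRF,
!    so its default route is configured in that VRF context.
 interface mgmt0
  ip address 192.0.2.10/24
  no shutdown
 vrf context management
  ip route 0.0.0.0/0 192.0.2.1
 end

! 5. Test reachability in the same VRF. A plain "ping" uses the
!    default VRF, where the SVIs live, and will not reach mgmt0 peers.
show ip interface brief vrf management
show ip route vrf management
ping 192.0.2.1 vrf management

copy running-config startup-config
```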

Still no luck.. I am unsure but I also found the switches can't ping each other....might be unrelated but interesting.