
changing ip hostname of switch will it change ssh

robertkwild

hi all,

if i change the switch's ip and hostname, can people still ssh into the switch with their pub keys, or will they need to put their pub keys back in again, as i need to redo the

crypto key generate rsa

thanks,

rob

18 Replies

Torbjørn

Hi @robertkwild,

You will still be able to SSH to the switch after regenerating the SSH keys. The configured public key for each user will not change during this process.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

robertkwild

so basically if i do a

crypto key generate rsa

people will still be able to ssh in with their pub keys?

if i change the switch's ip/hostname, will it affect the switch's private/public key?

obvs people can still ssh in using their username and password

Yes, they will still be able to SSH in with their keys.

Generating new keys will affect the keys that authenticate _the switch_, not the users. So the SSH client of the users will probably consider the switch to be a "new host" and they will likely have to accept connection to the "new host" before connecting.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

robertkwild

ok i have changed all hostnames and ips and now trying to connect to them via another switch via

ssh username@{ip-address}

i get this

add correct host key in ...

offending RSA key in ...

how do i delete the host key so it can add the right host key?

thanks,

rob

Hello!

I would try regenerating the key with: crypto key generate rsa modulus 2048.

BR

****Kindly rate all useful posts*****

When you change the hostname or domain, you need to generate a new public key. Why?
Because with
crypto key generate rsa

the SW/R generates two public keys: one for the client, hostname+domain, and the other for the server, hostname+domain.server.
How can I check these RSA keys?

Use
show crypto key mypubkey rsa

How can I delete these keys (if you want)?
crypto key zeroize <rsa for client name >

crypto key zeroize < rsa for server name>

NOTE: don't use crypto key zeroize without a name; it will delete all RSA keys.

Then generate a new RSA key with
crypto key generate rsa <<- you can use 1024 or 2048

MHM

robertkwild

on what switch, sorry? all the switches i changed the ips/hostnames on, or the switch that i'm issuing the ssh command from, i.e. the ssh username@{ip-address}?

On the SW whose hostname and IP you changed and that you are trying to access via SSH.

Also, if it is a real network, be careful when you use the crypto key zeroize command.

Ask as much as you can before applying any single command.

Thanks a lot

MHM

robertkwild

**bleep**...so i need to do this on all the switches i changed the ip and hostname for?

Yes, you need to on all the SWs whose hostname you changed.

- Mandatory

crypto key generate rsa <<- you can use 1024 or 2048

- Optional (most engineers do not do this step)

crypto key zeroize <old rsa for client name >

crypto key zeroize <old rsa for server name>

MHM

robertkwild

so basically do the below for all the switches i changed the ip/hostname on, plus do this for the switch i'm running the ssh username@{ip-address} from

crypto key zeroize rsa
crypto key generate rsa modulus 2048

Maybe you missed one step I shared before.

Share this from one SW:

show crypto key mypubkey rsa

MHM

robertkwild

that was laborious, so on all the switches i changed the ip/hostname on i did this

show crypto key mypubkey rsa
crypto key zeroize rsa {key}
crypto key generate rsa modulus 2048

now when i issue show rsa i get the correct key with the hostname of the switch

now trying to connect to it via another switch i still get an error saying the key has changed, how do i delete the key?

is there a way to list all the keys and just delete that key, or do i have to do what i did before?

The key change is just a notification, not an error; press Enter to let the SW (used for access) use the new key.

Also, to check, use the show command on the SW (used for access) to see if any old key of the SW (you want to access) still appears.

MHM
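
Added example, not part of the thread and not any poster's code: the host-key comparison behind the "offending RSA key" message quoted above, assuming the connecting device keeps an OpenSSH-style known_hosts file. Host names, addresses and key blobs are constructed, and the function names are hypothetical.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, in the form OpenSSH prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a host field: plain comma list, or hashed |1|salt|HMAC-SHA1(host)."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")  # wildcard/negated patterns not handled

def check_host_key(known_hosts, host, key_type, presented_b64):
    """Return ('match'|'changed'|'unknown', [line numbers of the entries])."""
    stale = []
    for n, line in enumerate(known_hosts.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # skip comments, blanks and @marker lines
        hosts, ktype, key = fields[:3]
        if ktype != key_type or not host_matches(hosts, host):
            continue
        if key == presented_b64:
            return "match", [n]
        stale.append(n)  # same host and key type, different key
    return ("changed", stale) if stale else ("unknown", [])

def sample_blob(label):
    """Constructed stand-in for a public key blob (not a real RSA key)."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + label).decode()

OLD_KEY, NEW_KEY = sample_blob(b"key-before-regen"), sample_blob(b"key-after-regen")
SALT = b"constructed-salt-000"  # constructed; OpenSSH uses a random salt
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"sw-access-01", hashlib.sha1).digest()).decode())
# Constructed known_hosts content; addresses are documentation-range examples.
KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    "192.0.2.10 ssh-rsa " + OLD_KEY,
    HASHED + " ssh-rsa " + OLD_KEY,
    "192.0.2.20 ssh-rsa " + NEW_KEY,
])

if __name__ == "__main__":
    status, lines = check_host_key(KNOWN_HOSTS, "192.0.2.10", "ssh-rsa", NEW_KEY)
    print(status, lines, "stored:", fingerprint(OLD_KEY), "presented:", fingerprint(NEW_KEY))
```

The returned line numbers are the stale entries to remove once the new fingerprint has been confirmed against the switch; with OpenSSH, `ssh-keygen -R <host>` removes them.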
