08-14-2024 01:49 AM
hi all,
if i change the switch's ip and hostname, can people still ssh in the switch with their pub keys or will they need to put back in their pub keys again as i need to redo the
crypto key generate rsa
thanks,
rob
08-14-2024 02:07 AM
Hi @robertkwild,
You will still be able to SSH to the switch after regenerating the SSH keys. The configured public key for each user will not change during this process.
08-14-2024 02:09 AM - edited 08-14-2024 02:12 AM
so basically if i do a
crypto key generate rsa
people will still be able to ssh in with their pub keys?
if i change the switch's ip/hostname, will it affect the switch's private/public key?
obvs people can still ssh in using their username and password
08-14-2024 02:33 AM
Yes, they will still be able to SSH in with their keys.
Generating new keys will affect the keys that authenticate _the switch_, not the users. So the SSH client of the users will probably consider the switch to be a "new host" and they will likely have to accept connection to the "new host" before connecting.
08-14-2024 04:02 AM
ok i have changed all hostnames and ips and now trying to connect to them via another switch via
i get this
add correct host key in ...
offending RSA key in ...
how do i delete the host key so it can add the right host key?
thanks,
rob
08-14-2024 04:17 AM
hello!
I would try regenerating the key with: crypto key generate rsa modulus 2048.
BR
08-14-2024 04:30 AM
When you change the hostname or domain you need to generate a new public key. Why?
Because with
crypto key generate rsa
the SW/R generates two public keys: one for the client, hostname+domain, and the other for the server, hostname+domain.server
How can I check these RSA keys?
Use
show crypto key mypubkey rsa
How can I delete these keys (if you want)?
crypto key zeroize <rsa for client name >
crypto key zeroize < rsa for server name>
NOTE: don't use crypto key zeroize without a name; it will delete all RSA keys
Then generate a new RSA key
by
crypto key generate rsa <<- you can use 1024 or 2048
MHM
08-14-2024 04:39 AM
on what switch sorry, all the switches i changed the ips hostnames or the switch that i'm issuing the ssh command, i.e. the ssh username@{ip-address}?
08-14-2024 04:43 AM
On the SW where you changed the hostname and IP and that you try to access via SSH.
Also, if it is a real network, be careful when you use the crypto key zeroize command
Ask as much as you can before applying any single command
Thanks a lot
MHM
08-14-2024 04:52 AM
**bleep**...so i need to do this on all the switches i changed the ip and hostname for?
08-14-2024 04:58 AM - edited 08-14-2024 04:59 AM
Yes, you need to do it on every SW whose hostname you changed
-Mandatory
crypto key generate rsa <<- you can use 1024 or 2048
-Optional (most engineers do not do this step)
crypto key zeroize <old rsa for client name >
crypto key zeroize <old rsa for server name>
MHM
08-14-2024 05:05 AM
so basically do the below for all the switches i changed the ip hostname plus do this for the switch i'm running the ssh username@{ip-address}
crypto key zeroize rsa
crypto key generate rsa modulus 2048
08-14-2024 05:09 AM
Maybe you missed one step I shared before
Share this from one SW
show crypto key mypubkey rsa
MHM
08-14-2024 05:50 AM - edited 08-14-2024 05:53 AM
that was laborious so on all the switches i changed the ip hostname i did this
show crypto key mypubkey rsa
crypto key zeroize rsa {key}
crypto key generate rsa modulus 2048
now when i issue show rsa i get the correct key with hostname of switch
now trying to connect to it via another switch i still get error saying the key has changed, how do i delete the key?
is there a way to list all the keys and just delete that key or do i have to do what i did before
08-14-2024 05:56 AM
The key change is just a notification, not an error; press enter to let the SW (used for access) use the new key
Also, to check, use the show command on the SW (used for access) to see if any old key of the SW (you want to access) still appears
MHM