problem with ssh

I have a problem with SSH. I have a 6509 switch that had two supervisors; one of them failed, and after that I could not log in to the switch by SSH.

Here is the configuration and the show commands that I put.

aaa new-model
ip domain-name sedapaldc.com.pe
ip ssh version 2
line vty 0 4
 exec-timeout 30 0
 password 7 <removed>
 transport input telnet ssh
line vty 5 15
 exec-timeout 30 0
 password 7 <removed>
 transport input ssh

Jul  7 11:38:24.925 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for sdp-p1-sw-core-1.sedapaldc.com.p -Process= "SSH Process", ipl= 0, pid= 162 : ios-base : (PID=16406, TID=15) : -Traceback=(s72033_rp-ipservicesk9_wan-6-dso-b.so+0x409E34) ([37:0]+0x3F77F0) ([37:0]+0x3F9690) ([27:-9]11+0x2CAD1C) ([38:0]+0x2CACF4)  
Jul  7 11:38:49.625 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for sdp-p1-sw-core-1.sedapaldc.com.p -Process= "SSH Process", ipl= 0, pid= 162 : ios-base : (PID=16406, TID=23) : -Traceback=(s72033_rp-ipservicesk9_wan-6-dso-b.so+0x409E34) ([37:0]+0x3F77F0) ([37:0]+0x3F9690) ([27:-9]11+0x2CAD1C) ([38:0]+0x2CACF4)  
Jul  7 11:39:23.949 GMT: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (1.46.5.158)
Jul  7 11:40:58.057 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for sdp-p1-sw-core-1.sedapaldc.com.p -Process= "SSH Process", ipl= 0, pid= 162 : ios-base : (PID=16406, TID=22) : -Traceback=(s72033_rp-ipservicesk9_wan-6-dso-b.so+0x409E34) ([37:0]+0x3F77F0) ([37:0]+0x3F9690) ([27:-9]11+0x2CAD1C) ([38:0]+0x2CACF4)

 

sdp-p1-sw-core-1#sh ssh
%No SSHv1 server connections running.
%No SSHv2 server connections running.
sdp-p1-sw-core-1#sh ip ss
sdp-p1-sw-core-1#sh ip ssh  
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3

sdp-p1-sw-core-1#sh crypto key mypubkey rsa  
% Key pair was generated at: 14:01:32 GMT Jun 16 2014
Key name: sdp-p1-sw-core-1.sedapaldc.com.pe.server
Temporary key
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00D84532 ABC20E27  
  7D74F224 1F8711B7 7702766B 1C681C20 CB9DEC43 20C7848C 2E26F8DD 1604EE37  
  CCFD399B 500E6D9C DA75FEA4 4AA47BA0 65730668 E5DD076C B4FADC64 7F98B1B3  
  DE8AEBE4 94C20566 B390516C 9ED37A66 6BD54F24 EE23C17E 9D020301 0001
% Key pair was generated at: 11:09:10 GMT Jul 7 2014
Key name: sdp-p1-sw-core-1.sedapaldc.com.pe
 Storage Device: not specified
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00B7515C  
  5A6AE313 2A1FDEA0 089B6775 9E07B371 F6EDF8B6 89003463 6A64F7A8 A23DD750  
  02854971 EA0120A3 82501011 50ED6B2E 2A699965 5BEDF2F9 D1C991B8 EC595BB6  
  5CC7186A 64A231CD 5F695F92 FFFB745A 7AEDD103 0B6C1C51 02A506FD B2826398  
  65196B62 06B1B7D5 0D964223 9E97BA55 66FC4B66 C810D65E 874BBBAF CF020301 0001
% Key pair was generated at: 11:40:58 GMT Jul 7 2014
Key name: sdp-p1-sw-core-1.sedapaldc.com.pe.serve
 --More--         Temporary key
 --More--          Usage: Encryption Key
 --More--          Key is not exportable.
 --More--          Key Data:
 --More--           307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00AFEE25 6116FD03  
 --More--           5742752D FC016E5D F6D81619 9D4C49EE 8F4103B6 B80A6643 A0DBC381 C8291E39  
 --More--           8FCAF0A8 1E918248 134BCB7F D6019DCF 91A40281 025AC1D2 26F128CD FFE13BEF  
 --More--           8B92C20F ACC0E5B7 EDCC3639 8665E50C 3333E6D1 7D7D3BA3 D7020301 0001

 

 

Any advice to fix this problem?

Best regards

Paolo Kobashikawa


Collin Clark
VIP Alumni

Have you tried regenerating the crypto key?

What I did was create it again, but I didn't delete everything and then create it again. I will do it.

I did it, but it does not work.

Hi,

Your RSA key needs to be regenerated. Follow the below:

http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html#rsapvtkeyerr

Getting the "%SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for" Error

If you receive this error message, it may be caused due to any change in the domain name or host name. In order to resolve this, try these workarounds.

  • Zeroize the RSA keys and re-generate the keys.

    crypto key zeroize rsa label key_name
    crypto key generate rsa label key_name modulus key_size

     

     

    HTH

    Sandy

Hi Sandy, thanks for answering me. I have a question: what are the key_name and the key_size? Because when I configured it, I put the hostname, ip domain, aaa new model, and the crypto key generate rsa 1024.

 

Hi,

Use as below:

crypto key generate rsa label sdp-p1-sw-core-1 modulus 2048

 

HTH

Sandy

Hi Sandy

 

I tried what you told me but it does not work. The only thing that I haven't tried is rebooting the device, because it is a core. I don't know if it is related to the other supervisor that stopped working, but I don't think so. Do you have any other advice?

 

key_size must be > 2048 for SSH v2 to work

Dwight Grupp
Level 1

Hi Paolo,

I was having this same issue as well and was able to fix it. I notice my solution was suggested in this thread, maybe I can provide some more detail to help.

No SSH server connections running.

carter#show ssh

%No SSHv2 server connections running.

%No SSHv1 server connections running.

This output suggests that the SSH server is disabled or not enabled properly. If you have already configured SSH, it is recommended that you reconfigure the SSH server in the device. Complete these steps in order to reconfigure SSH server on the device.

1. Delete the RSA key pair. After the RSA key pair is deleted, the SSH server is automatically disabled.

carter(config)#crypto key zeroize rsa

Note: It is important to generate a key pair with at least 768 as bit size when you enable SSH v2.

Caution: This command cannot be undone after you save your configuration, and after RSA keys have been deleted, you cannot use certificates or the CA or participate in certificate exchanges with other IP Security (IPSec) peers unless you reconfigure CA interoperability by regenerating RSA keys, getting the CA's certificate, and requesting your own certificate again. Refer to crypto key zeroize rsa - Cisco IOS Security Command Reference, Release 12.3 for more information on this command 

2. Reconfigure the hostname and domain name of the device.

carter(config)#hostname hostname

carter(config)#ip domain-name mydomain.com

3. Generate an RSA key pair for your router, which automatically enables SSH.

carter(config)#crypto key generate rsa

Refer to crypto key generate rsa - Cisco IOS Security Command Reference, Release 12.3 for more information on the usage of this command.

Note: You can receive the SSH2 0: Unexpected mesg type received error message due to a packet received that is not understandable by the router. Increase the key length while you generate RSA keys for SSH in order to resolve this issue.

4. Configure SSH server. In order to enable and configure a Cisco router/switch for SSH server, you can configure SSH parameters. If you do not configure SSH parameters, the default values are used.

ip ssh {[timeout seconds] | [authentication-retries integer]}

carter(config)#ip ssh

Refer to ip ssh - Cisco IOS Security Command Reference, Release 12.3 for more information on the usage of this command.

Also I would suggest watching this video on YouTube: https://www.youtube.com/watch?v=IcCQRrUXdiE&list=PLNK-QP_9HK1pVS7UfovNydUSUscQjhrkY

Let me know if you have any questions and I will try to help!  

References:

https://www.coursehero.com/file/p7180ujs/No-SSH-server-connections-running-carter-show-ssh-No-SSHv2-server-connections/

https://www.youtube.com/watch?v=IcCQRrUXdiE&list=PLNK-QP_9HK1pVS7UfovNydUSUscQjhrkY
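
Added example, not part of any post in this thread and not Cisco code: a check to run over `show crypto key mypubkey rsa` output after regenerating keys. It decodes each key's DER data to get the modulus size and confirms that a key named hostname.domain exists, which is the name the %SSH-3-PRIVATEKEY message looks for. The sample output, `sw1`/`example.com` and all function names are constructed for illustration; it assumes SSH uses the default hostname.domain key pair and takes 768 bits as the floor from the note above.

```python
import re

MIN_SSH2_BITS = 768  # assumption: the floor quoted in the note above for SSH v2

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def modulus_bits(spki):
    """Bit length of the RSA modulus inside a DER SubjectPublicKeyInfo."""
    _, body, _ = read_tlv(spki, 0)         # outer SEQUENCE
    _, _, nxt = read_tlv(body, 0)          # AlgorithmIdentifier, skipped
    _, bits, _ = read_tlv(body, nxt)       # BIT STRING
    _, rsa, _ = read_tlv(bits[1:], 0)      # drop unused-bits byte, open RSAPublicKey
    _, mod, _ = read_tlv(rsa, 0)           # first INTEGER is the modulus
    return int.from_bytes(mod, "big").bit_length()

def parse_keys(show_output):
    """Parse the show output into {key name: (usage, modulus bits)}."""
    keys, name, usage, hexbuf = {}, None, None, ""
    def flush():                           # store the key collected so far
        if name and hexbuf:
            keys[name] = (usage, modulus_bits(bytes.fromhex(hexbuf)))
    for line in show_output.splitlines():
        line = line.replace("--More--", "").strip()   # tolerate pager residue
        if line.startswith("Key name:"):
            flush()
            name, usage, hexbuf = line.split(":", 1)[1].strip(), None, ""
        elif line.startswith("Usage:"):
            usage = line.split(":", 1)[1].strip()
        elif re.fullmatch(r"[0-9A-F ]+", line):       # a row of key data
            hexbuf += line.replace(" ", "")
    flush()
    return keys

def audit(show_output, hostname, domain):
    """Findings for the key pair SSH is assumed to use (hostname.domain)."""
    keys, want = parse_keys(show_output), f"{hostname}.{domain}"
    if want not in keys:
        return [f"no RSA key named {want}; found {sorted(keys)}"]
    bits = keys[want][1]
    return [f"{want}: {bits}-bit modulus is below {MIN_SSH2_BITS}"] if bits < MIN_SSH2_BITS else []

# Constructed sample output (not a real key): 512-bit modulus of repeated 0xC5 bytes.
SAMPLE = ("Key name: sw1.example.com\n Usage: General Purpose Key\n Key Data:\n  "
          "305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00"
          + "C5" * 64 + "0203010001")

if __name__ == "__main__":
    print(audit(SAMPLE, "sw1", "example.com"))
```

An empty list from `audit` means a key with the expected name and an adequate modulus is present; a name mismatch after a hostname or domain change shows up as the "no RSA key named" finding.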

Hello

Try the following:
crypto key zeroize rsa
crypto key generate rsa label NEW_RSA general-keys modulus 2048
ip ssh version 2


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul