RSA SSH on IOS Bug?

Simon Vickers
Level 1

Hi All,

Just found an issue with RSA keys for SSH on a 2901 router, image c2900-universalk9-mz.SPA.150-1.M2 (provided with the unit).

I can enter an RSA key in to the pubkey-chain successfully and can then connect to the device using my private key.

When the device reloads then I suddenly have a configuration that is default, although my RSA key is still there.  The problem seems to be that once the command to add my key hash to the pubkey-chain has successfully completed all further commands are out of context and generate an error.

Has anyone else seen this behaviour and/or is there a fix for this problem?

Living in hope

Simon

3 Replies

Richard Burts
Hall of Fame

Simon

I am not clear in your description when you say that after reload that the router is back to default configuration whether you mean that the complete config is gone and the entire config is back to default or whether it is only the commands about the RSA keys that is impacted. Can you clarify?

If it is a problem that the entire config goes back to default the most likely cause of this is that the config-register has been set to a value (typically 0x2142) which instructs the router to ignore startup-config at boot time. Can you check and tell us what is the current value of the config-register (look in the bottom of the output of show version)?

HTH

Rick
Hi Rick,

It is basically a default config as every command in the startup config that appears AFTER the key hash fails.  Every command before is accepted. 

It appears that there is no return from the pubkey-chain configuration context so things like class-map, policy-map, interface, etc are not valid commands within the pubkey-chain context.

It is not a problem with the config reg as there is an attempt to apply each subsequent command (after the key hash) but each command fails.

Regards,

Simon
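The failure Simon describes above (everything after the `key-hash` line being parsed inside the pubkey-chain context instead of global configuration mode) can be checked for offline before reloading. The following Python script is an added example, not something from the thread or from Cisco: it walks a saved configuration with a small context tracker and lists every global-mode command that would land inside an unterminated `ip ssh pubkey-chain` block. The IOS command syntax it assumes (`ip ssh pubkey-chain`, `username`, `key-hash ssh-rsa`, `quit` to leave the user block, `exit` to leave the chain) and both sample configs are constructed for the example.

```python
"""Flag global-mode commands that sit inside an unterminated
'ip ssh pubkey-chain' block of a saved IOS configuration.

Added example, not from the thread.  Assumed IOS syntax:
  ip ssh pubkey-chain          -> enters chain context
   username <name>             -> enters per-user context
    key-hash ssh-rsa <hash>    -> stores the key fingerprint
    quit                       -> leaves the user context
   exit                        -> leaves the chain context
"""

# Commands that are only meaningful at global configuration mode.
# Seeing one of these while still inside the chain means the router
# would reject it on reload, which is the symptom described above.
GLOBAL_CMDS = ("interface ", "class-map ", "policy-map ", "router ",
               "line ", "ip route ", "hostname ", "access-list ")


def find_swallowed_commands(config_text):
    """Return [(line_no, command), ...] for global commands that appear
    while the pubkey-chain context has not been closed with quit/exit."""
    state = "global"          # one of: global, chain, user
    swallowed = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()    # IOS indents sub-commands with spaces
        if not line or line.startswith("!"):
            continue          # blank lines and comments carry no context
        if state == "global":
            if line == "ip ssh pubkey-chain":
                state = "chain"
        elif state == "chain":
            if line.startswith("username "):
                state = "user"
            elif line == "exit":
                state = "global"
            elif line.startswith(GLOBAL_CMDS):
                swallowed.append((line_no, line))
        elif state == "user":
            if line in ("quit", "exit"):
                state = "chain"
            elif line.startswith(GLOBAL_CMDS):
                swallowed.append((line_no, line))
    return swallowed


# Constructed sample: key entered, but no quit/exit before the next
# global command, so the interface and class-map lines are swallowed.
BAD_CONFIG = """\
ip ssh pubkey-chain
 username simon
  key-hash ssh-rsa 0123456789ABCDEF0123456789ABCDEF
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
class-map match-any VOICE
"""

# Constructed sample: same content with the context properly closed.
GOOD_CONFIG = """\
ip ssh pubkey-chain
 username simon
  key-hash ssh-rsa 0123456789ABCDEF0123456789ABCDEF
  quit
 exit
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
class-map match-any VOICE
"""


def report(config_text):
    """Human-readable summary; returns the number of swallowed commands."""
    hits = find_swallowed_commands(config_text)
    for line_no, cmd in hits:
        print(f"line {line_no}: '{cmd}' would be applied inside pubkey-chain")
    if not hits:
        print("pubkey-chain block is properly closed")
    return len(hits)


if __name__ == "__main__":
    print("--- BAD_CONFIG ---")
    report(BAD_CONFIG)
    print("--- GOOD_CONFIG ---")
    report(GOOD_CONFIG)
```

Run it against `show running-config` output saved to a file (replace the constructed samples with the file contents); a non-empty result means the commands listed will not survive a reload unless the chain is closed first. If the block is closed correctly and the router still loses those commands on reload, that is the parser bug the thread describes and a TAC case is the right next step.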

Simon

With this clarification it certainly sounds like a bug. I would suggest that you raise this issue with Cisco TAC.

HTH

Rick