Solved: Re: SSH ACCESS

PietroPoliseno27977 · ‎04-24-2020

Hi everyone, I am not clear about the speech of the ssh keys. In a lab to practice I created pc u server dns and a switch.
When I create the keys, after configuring vlan1 with its ip, I enter the domain name on the dns server and generate the keys as per the procedure. But the thing that is not clear to me is that I have not set any DNS server on the switch but only the IP address of Vlan 1. At this point, even if I use example.com as a domain, it generates the keys for me right? That is, it is not clear to me what server if I can put any domain x without even having pointed and configured it.

Martin L · ‎04-24-2020

As far as I know SSH needs device host name and domain name but not DNS server. DNS server would be needed to connect to your switch via "friendly" host name and not by IP. DNS server would resolve host name to IP so that you can connect to it. That's why L2 switches usually have IP set on Interface Vlan 1 - to be able to connect to switch in order to manage it.

View solution in original post

Marvin Rhoads · ‎04-24-2020

(Moving thread to proper forum)

The domain-name is just a value that Cisco historically required to use as input to the hash when creating the RSA key. It is completely independent of whether you use it for anything else or if it is even valid.

View solution in original post

paul driver · ‎04-24-2020

Hello

You can generate ssh keys without specify a DNS domain using a label

example:
crypto key generate rsa label <any-name-you-wish> general-keys modulus <key size>

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Martin L · ‎04-24-2020

As far as I know SSH needs device host name and domain name but not DNS server. DNS server would be needed to connect to your switch via "friendly" host name and not by IP. DNS server would resolve host name to IP so that you can connect to it. That's why L2 switches usually have IP set on Interface Vlan 1 - to be able to connect to switch in order to manage it.

Scott Leport · ‎04-24-2020

You need a domain name prior to configuring SSH.

Create your host name
Create a domain name (no DNS server required)
Create your SSH keys
Apply to your VTY lines

Test and your golden.

Marvin Rhoads · ‎04-24-2020

(Moving thread to proper forum)

The domain-name is just a value that Cisco historically required to use as input to the hash when creating the RSA key. It is completely independent of whether you use it for anything else or if it is even valid.

PietroPoliseno27977 · ‎04-24-2020

This is what makes confusion in fact not understood what it was for ..... so even if I put cisco.local it is the same

paul driver · ‎04-24-2020

Hello

You can generate ssh keys without specify a DNS domain using a label

example:
crypto key generate rsa label <any-name-you-wish> general-keys modulus <key size>

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

PietroPoliseno27977 · ‎04-25-2020

Yes I saw this solution yet but I was wondering Mardin mi ha detto che è una sorta di convenzione storica.