SSH ACCESS

Hi everyone, I am not clear about the matter of the SSH keys. In a lab, to practice, I created a PC, a DNS server and a switch.
When I create the keys, after configuring VLAN 1 with its IP, I enter the domain name on the DNS server and generate the keys as per the procedure. But the thing that is not clear to me is that I have not set any DNS server on the switch, only the IP address of VLAN 1. At this point, even if I use example.com as a domain, it generates the keys for me, right? That is, it is not clear to me what it is for if I can put any domain x without even having pointed to it and configured it.

6 Replies

Martin L
VIP

As far as I know, SSH needs the device host name and domain name but not a DNS server. A DNS server would be needed to connect to your switch via a "friendly" host name and not by IP. The DNS server would resolve the host name to an IP so that you can connect to it. That's why L2 switches usually have an IP set on interface Vlan 1: to be able to connect to the switch in order to manage it.

Scott Leport
Level 7
You need a domain name prior to configuring SSH.

Create your host name
Create a domain name (no DNS server required)
Create your SSH keys
Apply to your VTY lines

Test and you're golden.

Marvin Rhoads
Hall of Fame

(Moving thread to proper forum)

The domain-name is just a value that Cisco historically required to use as input to the hash when creating the RSA key. It is completely independent of whether you use it for anything else or if it is even valid.

This is what caused the confusion; in fact I had not understood what it was for... so even if I put cisco.local it is the same.

Hello

You can generate SSH keys without specifying a DNS domain by using a label

example:
crypto key generate rsa label <any-name-you-wish> general-keys modulus <key size>


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Yes, I already saw this solution, but I was wondering. Mardin told me that it is a sort of historical convention.
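
The steps discussed in this thread, put together as an added example (not posted by any participant). It assumes an IOS release that supports `ip ssh rsa keypair-name`; the host name `SW1`, domain `lab.example`, label `SSH-KEY`, user `admin` and address `192.0.2.10` are placeholders constructed for illustration.

```cisco
! Constructed lab values: SW1, lab.example, SSH-KEY, admin and 192.0.2.10
! are placeholders, not values from the thread.
configure terminal
 hostname SW1
 ! Any string is accepted here; no DNS server is configured or queried.
 ip domain-name lab.example
 interface Vlan1
  ip address 192.0.2.10 255.255.255.0
  no shutdown
 exit
 !
 ! Option A: no label. The key pair is named after host name + domain
 ! (SW1.lab.example), which is why both must be set first.
 crypto key generate rsa general-keys modulus 2048
 !
 ! Option B: explicit label, then bind SSH to that key pair so the
 ! server does not depend on the host name or domain name.
 crypto key generate rsa general-keys label SSH-KEY modulus 2048
 ip ssh rsa keypair-name SSH-KEY
 !
 ! Allow only SSHv2 and local user authentication on the VTY lines.
 ip ssh version 2
 username admin privilege 15 secret <choose-a-strong-secret>
 line vty 0 4
  transport input ssh
  login local
 end
!
! Verify: list the key pair names, then confirm SSH is enabled.
show crypto key mypubkey rsa
show ip ssh
```

Use either Option A or Option B; `show crypto key mypubkey rsa` shows the resulting key name, so you can see whether the host name and domain string or the label was used.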