Beginner

RSA keys disappear while upgrading IOS on Cisco 891F

Hi,

We are upgrading IOS on all our Cisco 891F routers from version 15.3(3)M5 to version 15.6(3)M2 to be able to support Cisco IWAN. During the upgrade, the RSA keys that we have created disappear. After reboot we only have:

% Key pair was generated at: 19:56:17 UTC Jul 15 2017
Key name: CISCO_IDEVID_SUDI
Key type: RSA KEYS
Temporary key
Usage: General Purpose Key
Key is not exportable.
Key Data:

This means that the certificates are not working, and SSH is not working. Has anyone else noticed this, and any suggestions for a workaround/fix?

Thanks,
Stefan
1 ACCEPTED SOLUTION

Cisco Employee

Hi Stefan,

Please check the following bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd90410/?reffering_site=dumpcr

Regards,

Aditya

Please mark correct and helpful answers

7 REPLIES
Beginner

I hit the same issue ~2 weeks ago whenever I was upgrading image from c800-universalk9-mz.SPA.153-3.M7.bin to c800-universalk9-mz.SPA.154-3.M7.bin.

After reboot the router lost all rsa keys and the flash drive had file system errors.

Fix was:

fsck /all

restore certificate bundle from pkcs12 file. I exported rsa keys, certificate and intermediate certificate before router upgrade.

It didn't take so much time except I had to go to the remote site where the router is.

VIP Advocate

Have not seen this issue per se, but I know that in some versions, the SUDI key that was automatically generated was being used for the SSH key. This is instead of the default RSA keypair generated for SSH (because the SUDI key is generated earlier). You may have to change the SSH config to use the new key:

ip ssh rsa keypair-name keypair-name

It is possible the SUDI feature may have taken over your SSH key and caused the default RSA keys to be deleted since it was not being used. Might be worth a look to see if the issue can be reproduced on a non-production device.

Beginner

Hi,

Have noticed the SUDI key and have already created a key with a name, but that also gets deleted. Will try some more tests in the lab.

Thanks a lot!

Beginner

Thanks a lot, this was exactly what I was looking for.

Will try to re-create it in the lab and post an update later today.

Thanks a lot!

Cisco Employee

Hi Stefan,

Happy to help.

Please close the discussion or mark the answer in case it helped you.

Regards,

Aditya

Beginner

Have been unable to recreate the problem...

But have upgraded several more, and after doing a "no archive" before the upgrade, all the upgrades have been working.

So thanks a lot for finding it for me.
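
An added example, not part of the thread and not Cisco code: a pre/post-upgrade check that compares the RSA key pair names in two captures of `show crypto key mypubkey rsa` and flags the state described in the original post, where only CISCO_IDEVID_SUDI is left. It assumes the output layout quoted in the original post; the `BEFORE` sample and the key names `IWAN-VPN` and `SSH-KEY` are constructed.

```python
import re

SUDI = "CISCO_IDEVID_SUDI"  # key name quoted in the original post


def parse_keys(show_output):
    """Map key name -> exportable flag (None if the attribute line is absent)."""
    keys, current = {}, None
    for line in show_output.splitlines():
        m = re.match(r"\s*Key name:\s*(\S+)", line)
        if m:
            current = m.group(1)
            keys[current] = None
        elif current and "exportable" in line:
            keys[current] = "not exportable" not in line
    return keys


def compare(before, after):
    """Report key pairs that were present before the upgrade and are gone after."""
    pre, post = parse_keys(before), parse_keys(after)
    missing = sorted(set(pre) - set(post))
    return {
        "missing": missing,
        # Not exportable (or unknown): no PKCS12 backup could exist for these.
        "unrecoverable": [k for k in missing if not pre[k]],
        "only_sudi_left": set(post) == {SUDI},
    }


# Constructed pre-upgrade capture (hypothetical key names).
BEFORE = """\
% Key pair was generated at: 10:02:11 UTC Mar 3 2017
Key name: IWAN-VPN
Key type: RSA KEYS
 Usage: General Purpose Key
 Key is exportable.
% Key pair was generated at: 10:05:40 UTC Mar 3 2017
Key name: SSH-KEY
Key type: RSA KEYS
 Usage: General Purpose Key
 Key is not exportable.
"""
# Post-upgrade capture as quoted in the original post.
AFTER = """\
% Key pair was generated at: 19:56:17 UTC Jul 15 2017
Key name: CISCO_IDEVID_SUDI
Key type: RSA KEYS
Temporary key
 Usage: General Purpose Key
 Key is not exportable.
"""

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```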