Having a bit of a headache with one of our 6500s.
Hostname and domain names have changed on all devices, and now cannot log in via SSH on this one machine.
- Have tried regenerating rsa keypairs
- Have tried zeroising keypairs before regenerating
- Have tried changing hostname and domain back to what it was before, zeroising, regenerating.
- Tried removing all reference to SSH from config (in attempt to get ssh service to stop)
- Tried changing ssh version between 1 & 2 (just for the hell of it)
All above fail.
I think that part of the issue is that the <hostname><domain>.server encryption key is missing (possibly due to my overzealous zeroising efforts) but can't figure out how to regenerate it.
When attempting to SSH when version 1 is active I get the following on terminal monitor:
2w1d: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for 6509.domain.com -Process= "SSH Process", ipl= 0, pid= 3
-Traceback= 415FB3E0 415F7D60 415F97E8 41358FBC 41358FA8
With version 2 active:
2w1d: SSH2 1: RSA_sign: private key not found
2w1d: SSH2 1: signature creation failed, status -1
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI3, RELEASE SOFTWARE (fc2)
6509#sh crypto key mypubkey rsa
% Key pair was generated at: 11:22:03 Summer Apr 7 2010
Key name: 6509.domain.com
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00DDAAB6
D51372C9 53088A7C D3029C3B C3C373CE 9B39B3BC 459A4CA9 2C441C59 1BE2C860
4F535D76 95FE7782 D5763D44 51E50008 68BFC799 13222334 29EE767D 5457B104
21A6276B 2E535A39 B4C3B64E 4158D42C 54AD51D5 2794A3DA 1D33A09D 19D65CB2
E73ABEA0 C1BFDA86 C4B6F903 14AC83B1 DA6E49C8 F269FEEF 94314492 D1020301 0001
(Note lack of .server encryption key)
Anyone got any ideas? As I'm all out!
Yes, it is a known issue in 12.2(33)SXI3.
Check out this bugID: CSCtc41114: