SSH fails due to missing Crypto keys in Catalyst 6500 switch with Sup720 running Cisco IOS is reloaded

Document

Wed, 07/22/2009 - 19:52
Jun 22nd, 2009
User Badges:
  • Gold, 750 points or more

Core issue

When switch is reloaded, the crypto keys disappear even though the write memory command is issued before every reload.

After you configure the Sup720 for Secure Shell (SSH), SSH works. But after a reload, SSH no longer works. This occurs because the Rivest, Shamir, and Adelman (RSA) key is on longer in there. When the RSA key is regenerated, the SSH works again.

This problem is documented in Cisco bug ID CSCeb54694.


Resolution

Complete these steps for a  workaround:

  1. Generate the RSA key everytime after reload. In order to generate RSA key pairs, use the crypto key generate rsa command in global configuration mode.
  2. This problem is resolved in Cisco IOS  12.2(17b)SXA and later, which can be downloaded from Cisco Downloads.
Loading.

Actions

This Document

Related Content