Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

problem with ssh

I have a problem with ssh, I have a switch 6509, and it had two supervisors, one of them failed, and after that I could not enter to the switch by SSH.

Here is the configuration and the show commands that I put.

aaa new-model
ip domain-name sedapaldc.com.pe
ip ssh version 2
line vty 0 4
 exec-timeout 30 0
 password 7 <removed>
 transport input telnet ssh
line vty 5 15
 exec-timeout 30 0
 password 7 <removed>
 transport input ssh

Jul  7 11:38:24.925 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for sdp-p1-sw-core-1.sedapaldc.com.p -Process= "SSH Process", ipl= 0, pid= 162 : ios-base : (PID=16406, TID=15) : -Traceback=(s72033_rp-ipservicesk9_wan-6-dso-b.so+0x409E34) ([37:0]+0x3F77F0) ([37:0]+0x3F9690) ([27:-9]11+0x2CAD1C) ([38:0]+0x2CACF4)  
Jul  7 11:38:49.625 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for sdp-p1-sw-core-1.sedapaldc.com.p -Process= "SSH Process", ipl= 0, pid= 162 : ios-base : (PID=16406, TID=23) : -Traceback=(s72033_rp-ipservicesk9_wan-6-dso-b.so+0x409E34) ([37:0]+0x3F77F0) ([37:0]+0x3F9690) ([27:-9]11+0x2CAD1C) ([38:0]+0x2CACF4)  
Jul  7 11:39:23.949 GMT: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (1.46.5.158)
Jul  7 11:40:58.057 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for sdp-p1-sw-core-1.sedapaldc.com.p -Process= "SSH Process", ipl= 0, pid= 162 : ios-base : (PID=16406, TID=22) : -Traceback=(s72033_rp-ipservicesk9_wan-6-dso-b.so+0x409E34) ([37:0]+0x3F77F0) ([37:0]+0x3F9690) ([27:-9]11+0x2CAD1C) ([38:0]+0x2CACF4)

 

sdp-p1-sw-core-1#sh ssh
%No SSHv1 server connections running.
%No SSHv2 server connections running.
sdp-p1-sw-core-1#sh ip ss
sdp-p1-sw-core-1#sh ip ssh  
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3

sdp-p1-sw-core-1#sh crypto key mypubkey rsa  
% Key pair was generated at: 14:01:32 GMT Jun 16 2014
Key name: sdp-p1-sw-core-1.sedapaldc.com.pe.server
Temporary key
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00D84532 ABC20E27  
  7D74F224 1F8711B7 7702766B 1C681C20 CB9DEC43 20C7848C 2E26F8DD 1604EE37  
  CCFD399B 500E6D9C DA75FEA4 4AA47BA0 65730668 E5DD076C B4FADC64 7F98B1B3  
  DE8AEBE4 94C20566 B390516C 9ED37A66 6BD54F24 EE23C17E 9D020301 0001
% Key pair was generated at: 11:09:10 GMT Jul 7 2014
Key name: sdp-p1-sw-core-1.sedapaldc.com.pe
 Storage Device: not specified
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00B7515C  
  5A6AE313 2A1FDEA0 089B6775 9E07B371 F6EDF8B6 89003463 6A64F7A8 A23DD750  
  02854971 EA0120A3 82501011 50ED6B2E 2A699965 5BEDF2F9 D1C991B8 EC595BB6  
  5CC7186A 64A231CD 5F695F92 FFFB745A 7AEDD103 0B6C1C51 02A506FD B2826398  
  65196B62 06B1B7D5 0D964223 9E97BA55 66FC4B66 C810D65E 874BBBAF CF020301 0001
% Key pair was generated at: 11:40:58 GMT Jul 7 2014
Key name: sdp-p1-sw-core-1.sedapaldc.com.pe.serve
 --More--         Temporary key
 --More--          Usage: Encryption Key
 --More--          Key is not exportable.
 --More--          Key Data:
 --More--           307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00AFEE25 6116FD03  
 --More--           5742752D FC016E5D F6D81619 9D4C49EE 8F4103B6 B80A6643 A0DBC381 C8291E39  
 --More--           8FCAF0A8 1E918248 134BCB7F D6019DCF 91A40281 025AC1D2 26F128CD FFE13BEF  
 --More--           8B92C20F ACC0E5B7 EDCC3639 8665E50C 3333E6D1 7D7D3BA3 D7020301 0001

 

 

any advice to fix this problem

 

best regard

Paolo Kobashikawa

 

 

 

Everyone's tags (2)
8 REPLIES

Have you tried regenerating

Have you tried regenerating the crypto key?

What I did was create again

What I did was create again but I didnt delete all and then create it again. I will do it.

I did it, but it does not

I did it, but it does not work.

Hi , 

Hi , 

  Your RSA key need to be regenerated .Follow the below

http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html#rsapvtkeyerr

Geting the "%SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for" Error

If you receive this error message, it may be caused due to any change in the domain name or host name. In order to resolve this, try these workarounds.

  • Zeroize the RSA keys and re-generate the keys.

    crypto key zeroize rsa label key_name
    crypto key generate rsa label key_name modulus key_size

     

     

    HTH

    Sandy

Hi sandy, thanks for answer

Hi sandy, thanks for answer me, I have a question what is the key_name and the key_size?, because when I configure, I put the hostname, ip domain, aaa new model, and the crypto key generate rsa 1024.

 Hi , use as below crypto key

 

Hi ,

 use as below 

crypto key generate rsa label sdp-p1-sw-core-1 modulus 2048.

 

HTH

Sandy

Hi Sandy I tried what you

Hi Sandy

 

I tried what you told me but it does not work, the only thing that I havent tried is reboot the device, because is a core. I dont know if it has relation with the other supervisor ut that stop working. but I dont think so, do you have any another advice?

 

New Member

key_size must be > 2048 for

key_size must be > 2048 for work SSH v2
92
Views
0
Helpful
8
Replies