Thanks, Ruggero

It's actually up and running and configured with VLANs etc. However, the hostname is xxPOE1 and all the other switches in the domain have a better name that identifies what function they do and where they are located.

I just want to change the hostname of this switch so it is in line with the others, but do not want to affect anything else that will rely on the old hostname or have to do a reload. Hope I've made sense?

Ok, I understood it know 

Normally if you change an hostname on the switch it does not have any impact on the configuration.

The only thing you might want to do is to update your DNS records to reflect the new Hostname in your Corporate DNS Server, in case you need to ping the device with the hostname from a test PC.

Or if you have a monitoring tools that is monitoring your switch, you might want to rediscover the device to reflect the new hostname in the monitoring tool.

Hope it helps

Many thanks,

Just for completeness, if I changed the hostname and did not put  "crypto key generate rsa", I'm assuming I would only lose SSH access? How about the pki certificate chain? Do I need to enter a command there also?

Thanks.

Hi,

The "pki certificate chain" can be used for many pruposes, one being for instance SSL encryption for the management site and PKI, (public key infrastructure) is used  for allowing https access to the switch, if you want to access the switch web interface for example.

Changing the hostname does not have any effect on that command.

Thanks a lot!

I'll give it go.

HI Ruggero ,

   RSA keys are generated with the combination of domain name & host-name . So if you change your host-name how will you be still able to access the device via ssh ? 

Thanks

Maru

Yes they are generated with a combination of domain and hostname, however once you have generated them and you change the hostname you will still be able to SSH to the device, there is no need to generate a new pair. SSH does not make a match with your DNS record and what's is inside the RSA key.

Thanks Ruggero ,

   Few times I see this error while trying to ssh into device , what should we do in these cases ?

[network@$$$$$ ~]$ ssh -l ***** 10.60.x.x
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
db:75:2a:45:28:64:9d:44:3b:5c:09:09:ac:2b:61:d3.
Please contact your system administrator.
Add correct host key in /home/network/.ssh/known_hosts to get rid of this message.
Offending key in /home/network/.ssh/known_hosts:1438
RSA host key for 10.60.73.2 has changed and you have requested strict checking.
Host key verification failed.

This happens when you permanently save the host key in your client cache, by saving it, the SSH client software will do an integrity check to verify if the key is being maliciously changed by a potential attacker. So if you saved the key on the client side and on the remote machine to which you connect 10.60.x.x you have refreshed or regenerated the keys, it will prompt you with a message that someone could be hacking the system.

So if it was not you or one of your colleagues, doing the change in the host key on the remote end, I'd make sure keys gets regenerated again and that you make sure your authentication on the remote end (Radius, local usernames or whatever you have) is not compromised.

If it was done by you, then just update the known_hosts information with the newly generated key so that each time you connect to the remote end , youwill have a correct match.