
Crypto keys aren't being generated

f1jsb79
Level 1

I have cleared the keys (crypto key zeroise rsa) but can't get the new one generated. I can't get this complete so I can then SSH into the box. When I give the generate command (crypto key gen rsa gen mod 1024) it says it does it, but I can't find it.

TFYH

-Steve

8 Replies

yjdabear
VIP Alumni

Did you "ca save all" and "write memory"?

wr mem on many occasions. No such command as a "ca save all" in this IOS (3845 router running 12.3)

S.

Never mind "ca save all". It's a PIX command. So "show crypto key mypubkey rsa" shows nothing?

I can in fact see the key here, but I normally expect them to show up when doing a show run. Nothing there.

jphilope
Level 3

What do you get for output when you enter "sho cry key mypub rsa"?

MIACIS1#sh crypto key mypubkey rsa

% Key pair was generated at: 15:03:37 EDT May 25 2006

Key name: MIACIS1.miami

Usage: General Purpose Key

Key is not exportable.

Key Data:

Lots of hex

% Key pair was generated at: 07:26:52 EDT May 30 2006

Key name: MIACIS1.miami.server

Usage: Encryption Key

Key is not exportable.

Key Data:

Lots more hex.. I won't bore you.

MIACIS1#

Normally the key pairs do not show up in the 'sho run' command. The only way to view them is with the "sh crypto key mypubkey rsa". So it appears all is working according to plan.

Do you have a connection issue? Can you connect using some SSH terminal program (PuTTY)?

After you make a connection, you will see a third key. Its date/time will change as it's the last negotiated encryption key from the last SSH session. For instance:

CRPDRVMR3#sh crypto key mypubkey rsa

% Key pair was generated at: 08:47:46 EDT May 18 2006

Key name: HTTPS_SS_CERT_KEYPAIR

Usage: General Purpose Key

Key is not exportable.

Key Data:

[Hex Data]

% Key pair was generated at: 12:35:38 EDT May 18 2006

Key name: CRPDRVMR3.cswg.com

Usage: General Purpose Key

Key is not exportable.

Key Data:

[Hex Data]

% Key pair was generated at: 09:22:41 EDT May 30 2006

Key name: CRPDRVMR3.cswg.com.server

Usage: Encryption Key

Key is not exportable.

Key Data:

[Hex Data]

CRPDRVMR3#

HTH and if so, please rate.

ForneyJR
Level 1

A lot will depend on the platform.

The trick to a 7200, for me, was:

crypto key ge rsa usage-keys label [hostname]

On one platform, I had to use:

ip ssh rsa keypair-name [hostname]

but I was in a big hurry, so that was anecdotal at best.

On some older platforms, I found that the ssh string from the routers and switches I was using to test with was also important. One example is:

ssh -o numberofpasswordprompts 2 -c 3des -l [username] [IP address]

Login local and a username / password were required on the router. This is probably not the issue, but I thought it worth mentioning.

Hope that helps.
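
The check discussed in this thread, as an added example (not code from any poster or from Cisco): a Python parser for "show crypto key mypubkey rsa" output that reports whether a key pair named after the device exists, since the pairs do not appear in "show run". The sample text is constructed from the output quoted above, and the function names and the hostname.domain key naming are assumptions.

```python
import re
from datetime import datetime

# Constructed sample modelled on the output quoted in the thread; hex replaced by a placeholder.
SAMPLE = """\
MIACIS1#sh crypto key mypubkey rsa
% Key pair was generated at: 15:03:37 EDT May 25 2006
Key name: MIACIS1.miami
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  [hex placeholder]
% Key pair was generated at: 07:26:52 EDT May 30 2006
Key name: MIACIS1.miami.server
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  [hex placeholder]
MIACIS1#
"""

GENERATED = re.compile(r"% Key pair was generated at: (\S+) \S+ (\w+ +\d+ \d{4})")

def parse_key_pairs(text):
    """Return one dict per key pair listed in 'show crypto key mypubkey rsa' output."""
    keys = []
    for line in map(str.strip, text.splitlines()):
        m = GENERATED.match(line)
        if m:  # a header line starts a new key pair record (time zone token is dropped)
            when = datetime.strptime(" ".join(m.groups()), "%H:%M:%S %b %d %Y")
            keys.append({"generated": when, "name": None, "usage": None, "exportable": None})
        elif not keys:
            continue  # prompt and command echo before the first record
        elif line.startswith("Key name:"):
            keys[-1]["name"] = line.split(":", 1)[1].strip()
        elif line.startswith("Usage:"):
            keys[-1]["usage"] = line.split(":", 1)[1].strip()
        elif line.startswith("Key is"):
            keys[-1]["exportable"] = "not exportable" not in line
    return keys

def check_device(text, fqdn):
    """Summarise the key pairs; fqdn is the assumed hostname.domain key name."""
    keys = parse_key_pairs(text)
    return {
        "host_key_present": any(k["name"] == fqdn for k in keys),
        "server_keys": [k["name"] for k in keys if (k["name"] or "").endswith(".server")],
        "exportable": [k["name"] for k in keys if k["exportable"]],
    }
```

Running check_device on output captured right after key generation shows whether the pair exists without relying on the running configuration.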