Cisco Support Community
New Member

Crypto keys aren't being generated

I have cleared the keys (crypto key zeroise rsa) but can't get the new one generated. I can't get this complete so I can then SSH into the box. When I give the generate command (crypto key gen rsa gen mod 1024) it says it does it, but I can't find it.

TFYH

-Steve

8 REPLIES
Blue

Re: Crypto keys aren't being generated

Did you "ca save all" and "write memory"?

New Member

Re: Crypto keys aren't being generated

wr mem on many occasions. No such command as a "ca save all" in this IOS (3845 router running 12.3)

S.

Blue

Re: Crypto keys aren't being generated

Never mind "ca save all". It's a PIX command. So "show crypto key mypubkey rsa" shows nothing?

New Member

Re: Crypto keys aren't being generated

I can in fact see the key here, but I normally expect them to show up when doing a show run. Nothing there.

New Member

Re: Crypto keys aren't being generated

What do you get for output when you enter "sho cry key mypub rsa"?

New Member

Re: Crypto keys aren't being generated

MIACIS1#sh crypto key mypubkey rsa

% Key pair was generated at: 15:03:37 EDT May 25 2006

Key name: MIACIS1.miami

Usage: General Purpose Key

Key is not exportable.

Key Data:

Lots of hex

% Key pair was generated at: 07:26:52 EDT May 30 2006

Key name: MIACIS1.miami.server

Usage: Encryption Key

Key is not exportable.

Key Data:

Lots more hex.. I won't bore you.

MIACIS1#

New Member

Re: Crypto keys aren't being generated

Normally the key pairs do not show up in the 'sho run' command. The only way to view them is with the "sh crypto key mypubkey rsa". So it appears all is working according to plan.

Do you have a connection issue? Can you connect using some SSH terminal program (PuTTY)?

After you make a connection, you will see a third key. Its date/time will change as it's the last negotiated encryption key from the last SSH session. For instance:

CRPDRVMR3#sh crypto key mypubkey rsa

% Key pair was generated at: 08:47:46 EDT May 18 2006

Key name: HTTPS_SS_CERT_KEYPAIR

Usage: General Purpose Key

Key is not exportable.

Key Data:

[Hex Data]

% Key pair was generated at: 12:35:38 EDT May 18 2006

Key name: CRPDRVMR3.cswg.com

Usage: General Purpose Key

Key is not exportable.

Key Data:

[Hex Data]

% Key pair was generated at: 09:22:41 EDT May 30 2006

Key name: CRPDRVMR3.cswg.com.server

Usage: Encryption Key

Key is not exportable.

Key Data:

[Hex Data]

CRPDRVMR3#

HTH and if so, please rate.
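
Added example, not part of the reply above and not Cisco code: a small Python parser for the "show crypto key mypubkey rsa" output quoted in this thread. It lists each key pair and reports whether one named after the device exists, which is the check the thread arrives at instead of looking in "show run". The function names, the constructed sample and the assumption that an exportable key prints "Key is exportable." belong to this example.

```python
import re

# Constructed sample, modelled on the output quoted in the thread (hex elided).
SAMPLE = """\
% Key pair was generated at: 15:03:37 EDT May 25 2006
Key name: MIACIS1.miami
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  [Hex Data]
% Key pair was generated at: 07:26:52 EDT May 30 2006
Key name: MIACIS1.miami.server
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  [Hex Data]
"""

def parse_keys(text):
    """Split 'show crypto key mypubkey rsa' output into one dict per key pair."""
    keys, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"% Key pair was generated at:\s*(.+)", line)
        if m:
            cur = {"generated": m.group(1), "name": None,
                   "usage": None, "exportable": None}
            keys.append(cur)
        elif cur is None:
            continue  # prompt or banner lines before the first key
        elif line.startswith("Key name:"):
            cur["name"] = line.split(":", 1)[1].strip()
        elif line.startswith("Usage:"):
            cur["usage"] = line.split(":", 1)[1].strip()
        elif line.startswith("Key is"):
            # Assumption: an exportable key prints "Key is exportable."
            cur["exportable"] = "not exportable" not in line
    return keys

def audit(text, fqdn):
    """Return findings for a device whose key pair should be named fqdn."""
    keys = parse_keys(text)
    findings = []
    if not any(k["name"] == fqdn for k in keys):
        findings.append(f"no key pair named {fqdn} found")
    findings += [f"{k['name']}: private key is exportable"
                 for k in keys if k["exportable"]]
    return findings
```
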

New Member

Re: Crypto keys aren't being generated

A lot will depend on the platform.

The trick to a 7200, for me, was:

crypto key ge rsa usage-keys label [hostname]

On one platform, I had to use:

ip ssh rsa keypair-name [hostname]

but I was in a big hurry, so that was anecdotal at best.

On some older platforms, I found that the ssh string from the routers and switches I was using to test with was also important. One example is:

ssh -o numberofpasswordprompts 2 -c 3des -l [username] [IP address]

Login local and a username / password were required on the router. This is probably not the issue, but I thought it worth mentioning.

Hope that helps.
