03-27-2008 10:13 PM
ssh configured on router
by following command
ip domain name
hostname
crypto key generate rsa
1024
while logging by ssh
it shows some message like
rsa fingerprint nc.ht.------
---------------------------connect yes/no ?
should i proceed or varify the key ?
if varify then how it should.
03-28-2008 12:51 AM
Proceed - on the first connection the key is pushed by the router to the client, so they can both encrypt and decrypt the traffic (the secure bit of ssh). The next time you connect you should not see this message, as the client usually caches this. You usually don't need to do anything else like install keys manually, the cline does this for you. I tend to use Putty for SSH, it seems to work fine with no drawbacks.
Hope this helps.
03-28-2008 05:39 AM
Thanks
i have another problem for ssh - router
after pusshing the command
crypto key generate rsa
1024
ip ssh version 2
it again ask for
generate the rsa key
is there any problem with IOS bug ?
for another router while logging every time message is like
the first cipher suported by server is single-des , which is below -----
do you want to continue with this connection.
Kindly suggest in both cases what i should do?
03-28-2008 03:23 PM
Just tried it on mt 831 and it works fine. I am running 12.3(2)XE4, so maybe it is a version issue.
First though, try removing the key and re-generating it. Do a crypto key zeroize rsa command and try again. If it is still the same, I think you should try a newer version of the IOS.
I am guessing, but I think the second router has too small a key modulus. Try to remove the key, and regenerate it. If it is the same, try new IOS.
I don't play with SSH too much, just usually set up, restrict access to the vty to just SSH, and forget it. So I am not sure the above is correct, but it is a good place to start.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide