Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSH Still Working after Hostname change???

Hi all,

I was under the impression (from past experiences) that SSH self-signed certificates are made up of the Hostname and the Domain Name of the router.

I have been working on a customer network and I can see that the SSH RSA certificate is using the old hostname of the device+domain name but SSH still works both inbound and outbound on the VTY lines!

I thought you had to zeroize the keys and recreate using the crypto key generate rsa command in order to continue to use SSH after a hostname change so that the new certificate contains the new hostname?

Any explanation would be greately appreciated

Many thanks

David

  • Security Management
Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions

SSH Still Working after Hostname change???

Hi David.

Yes after changing router parameter such as Hostname, domain name SSH still works with the old certificate.

What i can suggest you is to recreate it through crypto key generate rsa command in configuration mode.

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"
2 REPLIES

SSH Still Working after Hostname change???

Hi David.

Yes after changing router parameter such as Hostname, domain name SSH still works with the old certificate.

What i can suggest you is to recreate it through crypto key generate rsa command in configuration mode.

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"
New Member

SSH Still Working after Hostname change???

Thanks for confirming Carlo, this had to be the case as I am seeing it work with old certificate but I just needed to check as I thought in the past I had to re-generate the cert first.  Thanks again

911
Views
0
Helpful
2
Replies