[c-nsp] SSH no longer functions after hostname change

Jared Mauch jared at puck.nether.net
Mon Aug 10 12:55:02 EDT 2009 

You should call TAC and your SE/AM as well to insure they capture what  
happened to avoid this defect in the future.  You may also be able to  
entirely disable/restart the SSH subsystem, or at least make sure they  
have the ability to restart it.  If Cisco doesn't make progress on  
this front, I'm not sure how they will continue to survive.  The  
internet of 2000 and later really needs protected memory and  
restartable processes instead of the old tech support "have you turned  
it off and back on again" policy of dealing with defects.  While that  
has a place, certainly this is not one of them.

	- Jared

On Aug 10, 2009, at 12:41 PM, jon at defenderhosting.com wrote:

> Hi Ryan/Paul-
>
> Not without scheduling a maintenance window which I was hoping to  
> avoid.  I am sure a reload would fix the problem as i'd also use it  
> as an opportunity to upgrade the code since I am a half dozen revs  
> behind and have switches running newer versions without any  
> stability issues.
>
>
> Jon Wolberg
> Systems Engineer
> Virtacore Systems Inc.
> "We Virtualize IT!"
>
>
> ----- Original Message -----
> From: "Paul Stewart" <paul at paulstewart.org>
> To: "Jon Wolberg" <jon at defenderhosting.com>
> Cc: cisco-nsp at puck.nether.net
> Sent: Monday, August 10, 2009 12:35:14 PM GMT -05:00 US/Canada Eastern
> Subject: RE: [c-nsp] SSH no longer functions after hostname change
>
> That is very strange.... are you able to kick the switch (power  
> cycle) to see if it resolves or not?  I know you shouldn't have to  
> but I'm out of answers too ;)
>
> -----Original Message-----
> From: Jon Wolberg [mailto:jon at defenderhosting.com]
> Sent: Monday, August 10, 2009 12:20 PM
> To: Paul Stewart
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] SSH no longer functions after hostname change
>
> Hi Paul-
>
> The funny thing is this is the only switch causing problems.  We  
> changed the hostnames on over a dozen others without any issues.
>
> I tried re-generating the keys to no avail.
>
>
> Jon Wolberg
> Systems Engineer
> Virtacore Systems Inc.
> "We Virtualize IT!"
>
>
> ----- Original Message -----
> From: "Paul Stewart" <paul at paulstewart.org>
> To: "Jon Wolberg" <jon at defenderhosting.com>, cisco-nsp at puck.nether.net
> Sent: Monday, August 10, 2009 12:17:14 PM GMT -05:00 US/Canada Eastern
> Subject: RE: [c-nsp] SSH no longer functions after hostname change
>
> Normally all we do is a "crypto key gen rsa" if a hostname changes  
> and we
> continue on... this regens the keys and stops/starts the SSH  
> process....
>
> Paul
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jon Wolberg
> Sent: Monday, August 10, 2009 11:53 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] SSH no longer functions after hostname change
>
> Hello-
>
> We recently changed some of our hostnames on various legacy switches  
> to
> follow our naming convention, and after one change I can no longer  
> SSH to
> the switch.
>
> I get the below errors on the console with debug ip ssh client  
> running:
>
> Aug 10 11:23:44 EST: SSH5: sent protocol version id SSH-2.0-Cisco-1.25
> Aug 10 11:23:44 EST: SSH5: protocol version id is - SSH-2.0- 
> OpenSSH_4.3
> Aug 10 11:23:44 EST: SSH2 5: RSA_sign: private key not found
> Aug 10 11:23:44 EST: SSH2 5: signature creation failed, status -1
> Aug 10 11:23:44 EST: SSH5: Session disconnected - error 0x00
>
> I zero'ized the old keys and re-generated as well as set the  
> hostname back
> to the original and zero'ized and re-generated to no avail.  Nothing  
> shows
> up on Google and I can find no errata related to SSH access on the  
> version
> of code we are running.
>
> Has anyone encountered this before?  This is a 3750 running  
> 12.2(44)SE2
>
>
> Jon Wolberg
> Systems Engineer
> Virtacore Systems Inc.
> "We Virtualize IT!"
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list