[c-nsp] SSH no longer functions after hostname change

Ge Moua moua0100 at umn.edu
Mon Aug 10 13:41:48 EDT 2009


We saw similar symptoms on cat6k; even a reboot & regen rsa key did not 
fix the ssh issue; turned out to be some sort of conflict with IP SLA, 
removed that then all was working.

Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services



Jared Mauch wrote:
> You should call TAC and your SE/AM as well to ensure they capture what 
> happened to avoid this defect in the future.  You may also be able to 
> entirely disable/restart the SSH subsystem, or at least make sure they 
> have the ability to restart it.  If Cisco doesn't make progress on 
> this front, I'm not sure how they will continue to survive.  The 
> internet of 2000 and later really needs protected memory and 
> restartable processes instead of the old tech support "have you turned 
> it off and back on again" policy of dealing with defects.  While that 
> has a place, certainly this is not one of them.
>
>     - Jared
>
> On Aug 10, 2009, at 12:41 PM, jon at defenderhosting.com wrote:
>
>> Hi Ryan/Paul-
>>
>> Not without scheduling a maintenance window which I was hoping to 
>> avoid.  I am sure a reload would fix the problem as I'd also use it 
>> as an opportunity to upgrade the code since I am a half dozen revs 
>> behind and have switches running newer versions without any stability 
>> issues.
>>
>>
>> Jon Wolberg
>> Systems Engineer
>> Virtacore Systems Inc.
>> "We Virtualize IT!"
>>
>>
>> ----- Original Message -----
>> From: "Paul Stewart" <paul at paulstewart.org>
>> To: "Jon Wolberg" <jon at defenderhosting.com>
>> Cc: cisco-nsp at puck.nether.net
>> Sent: Monday, August 10, 2009 12:35:14 PM GMT -05:00 US/Canada Eastern
>> Subject: RE: [c-nsp] SSH no longer functions after hostname change
>>
>> That is very strange.... are you able to kick the switch (power 
>> cycle) to see if it resolves or not?  I know you shouldn't have to 
>> but I'm out of answers too ;)
>>
>> -----Original Message-----
>> From: Jon Wolberg [mailto:jon at defenderhosting.com]
>> Sent: Monday, August 10, 2009 12:20 PM
>> To: Paul Stewart
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] SSH no longer functions after hostname change
>>
>> Hi Paul-
>>
>> The funny thing is this is the only switch causing problems.  We 
>> changed the hostnames on over a dozen others without any issues.
>>
>> I tried re-generating the keys to no avail.
>>
>>
>> Jon Wolberg
>> Systems Engineer
>> Virtacore Systems Inc.
>> "We Virtualize IT!"
>>
>>
>> ----- Original Message -----
>> From: "Paul Stewart" <paul at paulstewart.org>
>> To: "Jon Wolberg" <jon at defenderhosting.com>, cisco-nsp at puck.nether.net
>> Sent: Monday, August 10, 2009 12:17:14 PM GMT -05:00 US/Canada Eastern
>> Subject: RE: [c-nsp] SSH no longer functions after hostname change
>>
>> Normally all we do is a "crypto key gen rsa" if a hostname changes and we
>> continue on... this regens the keys and stops/starts the SSH process....
>>
>> Paul
>>
>>
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jon Wolberg
>> Sent: Monday, August 10, 2009 11:53 AM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] SSH no longer functions after hostname change
>>
>> Hello-
>>
>> We recently changed some of our hostnames on various legacy switches to
>> follow our naming convention, and after one change I can no longer SSH to
>> the switch.
>>
>> I get the below errors on the console with debug ip ssh client running:
>>
>> Aug 10 11:23:44 EST: SSH5: sent protocol version id SSH-2.0-Cisco-1.25
>> Aug 10 11:23:44 EST: SSH5: protocol version id is - SSH-2.0-OpenSSH_4.3
>> Aug 10 11:23:44 EST: SSH2 5: RSA_sign: private key not found
>> Aug 10 11:23:44 EST: SSH2 5: signature creation failed, status -1
>> Aug 10 11:23:44 EST: SSH5: Session disconnected - error 0x00
>>
>> I zeroized the old keys and re-generated as well as set the hostname back
>> to the original and zeroized and re-generated to no avail.  Nothing shows
>> up on Google and I can find no errata related to SSH access on the version
>> of code we are running.
>>
>> Has anyone encountered this before?  This is a 3750 running 12.2(44)SE2
>>
>>
>> Jon Wolberg
>> Systems Engineer
>> Virtacore Systems Inc.
>> "We Virtualize IT!"
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
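
The debug output quoted in the original post shows the session getting through the version exchange and then failing when the switch tries to sign with its RSA host key. The following is an added example, not code from any poster in this thread: a small Python triage script that groups such "debug ip ssh" lines per session and flags sessions that died at the signing step. It assumes the number after "SSH" / "SSH2 " is the session id in both prefix forms; the session 6 lines in the sample are constructed for contrast.

```python
import re
from collections import defaultdict

# Matches both prefixes seen in the quoted output: "SSH5:" and "SSH2 5:".
# Assumption: the trailing number is the session id in both forms.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+\w+: SSH(?:2 )?(?P<sid>\d+): (?P<msg>.*)$"
)
# Messages from the thread that indicate the host key could not be used.
SIGN_FAILURES = ("private key not found", "signature creation failed")

# Session 5 is the output quoted in the thread; session 6 is constructed.
SAMPLE = """\
>> Aug 10 11:23:44 EST: SSH5: sent protocol version id SSH-2.0-Cisco-1.25
>> Aug 10 11:23:44 EST: SSH5: protocol version id is - SSH-2.0-OpenSSH_4.3
>> Aug 10 11:23:44 EST: SSH2 5: RSA_sign: private key not found
>> Aug 10 11:23:44 EST: SSH2 5: signature creation failed, status -1
>> Aug 10 11:23:44 EST: SSH5: Session disconnected - error 0x00
Aug 10 11:25:02 EST: SSH6: sent protocol version id SSH-2.0-Cisco-1.25
Aug 10 11:25:02 EST: SSH6: protocol version id is - SSH-2.0-OpenSSH_4.3
"""

def parse_sessions(text):
    """Group debug messages by session id, tolerating mail quote markers."""
    sessions = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.lstrip("> ").rstrip())
        if m:
            sessions[int(m.group("sid"))].append(m.group("msg"))
    return dict(sessions)

def diagnose(text):
    """Return a per-session finding with the log lines that support it."""
    report = {}
    for sid, msgs in parse_sessions(text).items():
        peer = next((m.split(" - ", 1)[1] for m in msgs
                     if m.startswith("protocol version id is - ")), None)
        failed = [m for m in msgs if any(s in m for s in SIGN_FAILURES)]
        report[sid] = {
            "peer": peer,
            "finding": "host-key-signing-failed" if failed else "no-signing-error",
            "evidence": failed,
            "disconnected": any(m.startswith("Session disconnected") for m in msgs),
        }
    return report

if __name__ == "__main__":
    for sid, r in sorted(diagnose(SAMPLE).items()):
        print(sid, r["finding"], r["peer"], r["evidence"])
```
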

