[c-nsp] SSH no longer functions after hostname change
Ge Moua
moua0100 at umn.edu
Mon Aug 10 13:41:48 EDT 2009
We saw similar symptoms on cat6k; even a reboot & regen rssa key did not
fix the ssh issue; turned out to be some sort of conflict with IP SLA,
removed that then all was working.
Regards,
Ge Moua | Email: moua0100 at umn.edu
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
Jared Mauch wrote:
> You should call TAC and your SE/AM as well to insure they capture what
> happened to avoid this defect in the future. You may also be able to
> entirely disable/restart the SSH subsystem, or at least make sure they
> have the ability to restart it. If Cisco doesn't make progress on
> this front, I'm not sure how they will continue to survive. The
> internet of 2000 and later really needs protected memory and
> restartable processes instead of the old tech support "have you turned
> it off and back on again" policy of dealing with defects. While that
> has a place, certainly this is not one of them.
>
> - Jared
>
> On Aug 10, 2009, at 12:41 PM, jon at defenderhosting.com wrote:
>
>> Hi Ryan/Paul-
>>
>> Not without scheduling a maintenance window which I was hoping to
>> avoid. I am sure a reload would fix the problem as i'd also use it
>> as an opportunity to upgrade the code since I am a half dozen revs
>> behind and have switches running newer versions without any stability
>> issues.
>>
>>
>> Jon Wolberg
>> Systems Engineer
>> Virtacore Systems Inc.
>> "We Virtualize IT!"
>>
>>
>> ----- Original Message -----
>> From: "Paul Stewart" <paul at paulstewart.org>
>> To: "Jon Wolberg" <jon at defenderhosting.com>
>> Cc: cisco-nsp at puck.nether.net
>> Sent: Monday, August 10, 2009 12:35:14 PM GMT -05:00 US/Canada Eastern
>> Subject: RE: [c-nsp] SSH no longer functions after hostname change
>>
>> That is very strange.... are you able to kick the switch (power
>> cycle) to see if it resolves or not? I know you shouldn't have to
>> but I'm out of answers too ;)
>>
>> -----Original Message-----
>> From: Jon Wolberg [mailto:jon at defenderhosting.com]
>> Sent: Monday, August 10, 2009 12:20 PM
>> To: Paul Stewart
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] SSH no longer functions after hostname change
>>
>> Hi Paul-
>>
>> The funny thing is this is the only switch causing problems. We
>> changed the hostnames on over a dozen others without any issues.
>>
>> I tried re-generating the keys to no avail.
>>
>>
>> Jon Wolberg
>> Systems Engineer
>> Virtacore Systems Inc.
>> "We Virtualize IT!"
>>
>>
>> ----- Original Message -----
>> From: "Paul Stewart" <paul at paulstewart.org>
>> To: "Jon Wolberg" <jon at defenderhosting.com>, cisco-nsp at puck.nether.net
>> Sent: Monday, August 10, 2009 12:17:14 PM GMT -05:00 US/Canada Eastern
>> Subject: RE: [c-nsp] SSH no longer functions after hostname change
>>
>> Normally all we do is a "crypto key gen rsa" if a hostname changes
>> and we
>> continue on... this regens the keys and stops/starts the SSH process....
>>
>> Paul
>>
>>
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jon Wolberg
>> Sent: Monday, August 10, 2009 11:53 AM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] SSH no longer functions after hostname change
>>
>> Hello-
>>
>> We recently changed some of our hostnames on various legacy switches to
>> follow our naming convention, and after one change I can no longer
>> SSH to
>> the switch.
>>
>> I get the below errors on the console with debug ip ssh client running:
>>
>> Aug 10 11:23:44 EST: SSH5: sent protocol version id SSH-2.0-Cisco-1.25
>> Aug 10 11:23:44 EST: SSH5: protocol version id is - SSH-2.0-OpenSSH_4.3
>> Aug 10 11:23:44 EST: SSH2 5: RSA_sign: private key not found
>> Aug 10 11:23:44 EST: SSH2 5: signature creation failed, status -1
>> Aug 10 11:23:44 EST: SSH5: Session disconnected - error 0x00
>>
>> I zero'ized the old keys and re-generated as well as set the hostname
>> back
>> to the original and zero'ized and re-generated to no avail. Nothing
>> shows
>> up on Google and I can find no errata related to SSH access on the
>> version
>> of code we are running.
>>
>> Has anyone encountered this before? This is a 3750 running 12.2(44)SE2
>>
>>
>> Jon Wolberg
>> Systems Engineer
>> Virtacore Systems Inc.
>> "We Virtualize IT!"
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list