[c-nsp] SSH no longer functions after hostname change

Ziv Leyes zivl at gilat.net
Tue Aug 11 02:56:10 EDT 2009


That should be the exact procedure to follow when changing hostnames. Even if on most devices there are no problems, it is best to follow this sequence:

1. Zeroize the key
2. Change hostname
3. Generate a new key




-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jon Wolberg
Sent: Monday, August 10, 2009 9:15 PM
To: jf
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] SSH no longer functions after hostname change

All-

Using the exact order that JF listed below, it worked perfectly and resolved my issue.  I can now SSH to this device again.

Thanks.


Jon Wolberg
Systems Engineer
Virtacore Systems Inc.
"We Virtualize IT!"


----- Original Message -----
From: "jf" <jf at emich.edu>
To: "Jon Wolberg" <jon at defenderhosting.com>
Cc: cisco-nsp at puck.nether.net
Sent: Monday, August 10, 2009 12:42:00 PM GMT -05:00 US/Canada Eastern
Subject: Re: [c-nsp] SSH no longer functions after hostname change

We experienced this problem on a 3550 12g several years ago.  We solved
it by temporarily changing the configured hostname back, zeroing the
key, changing the hostname again, and regenerating.

Jon Wolberg wrote:
> Hello-
>
> We recently changed some of our hostnames on various legacy switches to follow our naming convention, and after one change I can no longer SSH to the switch.
>
> I get the below errors on the console with debug ip ssh client running:
>
> Aug 10 11:23:44 EST: SSH5: sent protocol version id SSH-2.0-Cisco-1.25
> Aug 10 11:23:44 EST: SSH5: protocol version id is - SSH-2.0-OpenSSH_4.3
> Aug 10 11:23:44 EST: SSH2 5: RSA_sign: private key not found
> Aug 10 11:23:44 EST: SSH2 5: signature creation failed, status -1
> Aug 10 11:23:44 EST: SSH5: Session disconnected - error 0x00
>
> I zeroized the old keys and re-generated as well as set the hostname back to the original and zeroized and re-generated to no avail.  Nothing shows up on Google and I can find no errata related to SSH access on the version of code we are running.
>
> Has anyone encountered this before?  This is a 3750 running 12.2(44)SE2
>
>
> Jon Wolberg
> Systems Engineer
> Virtacore Systems Inc.
> "We Virtualize IT!"
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************





__________ Information from ESET NOD32 Antivirus, version of virus signature database 4324 (20090811) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
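The zeroize, rename, regenerate sequence recommended at the top of this thread, written out as an IOS session. This is an added example, not part of any poster's message; `OLD-NAME`, `NEW-NAME`, `example.net` and the 2048-bit modulus are constructed placeholders and assumptions.

```ios
! Added example. Hostnames, domain name and modulus are placeholders.
! IOS labels the default RSA key pair <hostname>.<domain-name>, so record
! the label that exists before the rename.
OLD-NAME# show crypto key mypubkey rsa

OLD-NAME# configure terminal
! 1. Zeroize the key while the old hostname is still configured
!    (IOS asks for confirmation before removing the keys).
OLD-NAME(config)# crypto key zeroize rsa
! 2. Change the hostname. A domain name must also be set before a
!    default-labelled key pair can be generated.
OLD-NAME(config)# hostname NEW-NAME
NEW-NAME(config)# ip domain-name example.net
! 3. Generate a new key under the new name.
NEW-NAME(config)# crypto key generate rsa modulus 2048
NEW-NAME(config)# ip ssh version 2
NEW-NAME(config)# end

! Verify: the key label should now carry the new hostname and SSH
! should report as enabled.
NEW-NAME# show crypto key mypubkey rsa
NEW-NAME# show ip ssh
```

Keep the console or an existing session open until a fresh SSH login succeeds, and expect clients to see a changed host key for the device afterwards.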


