[c-nsp] Failed crypto key generate after upgrading to SXI3
Matthew Huff
mhuff at ox.com
Mon Dec 28 10:22:57 EST 2009
I've got 4 x Cisco 6509 with sup720. After upgrading to SXI3, ssh/scp is failing. Even if I zeroize the keys, and start over, it's failing. Anyone seen this yet?
switch-xxxx1(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: yes
switch-xxxx1(config)#crypto key generate rsa general-keys modulus 512
The name for the keys will be: xxx.xx.com
% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
000909: Dec 28 09:59:19.032 EST: %CHKPT-4-GET_HUGE_BUF: Client 162 buffer requested (size = 4256) is too large
when you ssh in, you immediately disconnect and the log shows:
switch-xxxx1#
000911: Dec 28 10:01:06.717 EST: SSH2 1: RSA_sign: private key not found
000912: Dec 28 10:01:06.717 EST: SSH2 1: signature creation failed, status -1
----
Matthew Huff | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com | Phone: 914-460-4039
aim: matthewbhuff | Fax: 914-460-4139
More information about the cisco-nsp
mailing list