From: Ryan Morris (ryan@egate.net)
Date: Wed Feb 13 2008 - 01:41:52 ARST
I've seen this when the hostname of the switch doesn't match the hostname
in the rsa cert. Compare the output of the certs in "show crypto key
mypubkey rsa" with the hostname. The best way to fix it is to wipe out
the certs (crypto key zeroize rsa) and then create a new one with the new
hostname (crypto key gen rsa).
Other quirks: ssh 2.0 requires 1024 bit keys, and you can specify which
cert to use with the "ip ssh rsa keypair-name" command.
R.
CCIE #18953
On Tue, 12 Feb 2008, keith tokash wrote:
> I have always wondered why I often get bounced from my switch if I try to ssh
> into another device.
>
> cs1.cha1#p x.x.x.11
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to x.x.x.11, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
> cs1.cha1#ssh x.x.x.11
> Connection to cs1.cha1 closed by remote host.
> Connection to cs1.cha1 closed.
>
>
> I can't find anything on google about this, and the client has no verbose (-v
> is for version ...). Very strange. Anyone know why this happens?
>
> With a few exceptions, secrecy is deeply incompatible with democracy and with
> science.
> --Carl Sagan
> _________________________________________________________________
> Need to know the score, the latest news, or you need your Hotmail.-get your
> "fix".
> http://www.msnmobilefix.com/Default.aspx
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:48 ARST