Enhancements in Release F.04.08

Configuring Secure Shell (SSH)

| Message | Meaning |
|---|---|
| Generating new RSA host key. If the cache is depleted, this could take up to two minutes. | After you execute the crypto key generate [rsa] command, the switch displays this message while it is generating the key. |
| Host RSA key file corrupt or not found. Use 'crypto key generate rsa' to create new host key. | The switch's key is missing or corrupt. Use the crypto key generate [rsa] command to generate a new key for the switch. |
| host_ssh1 is not a valid key file. show_client_public-key: cannot stat keyfile. Key does not exist or is corrupt. | The client key does not exist in the switch. Use copy tftp to download the key from a TFTP server. |

Troubleshooting SSH Operation

See also "Messages Related to SSH Operation" on page 100.

| Symptom | Possible Cause |
|---|---|
| Switch access refused to a client whose public key you have placed in a text file and copied (using the copy tftp pub-key-file command) into the switch. | If the source SSH client is an SSHv2 application, the public key may be in PEM format, which the switch (SSHv1) does not interpret. Check the SSH client application for a utility that can convert the PEM-formatted key into an ASCII-formatted (SSHv1) key. Only an RSA key can be converted, because RSA is the only key type SSHv1 supports. |
| Executing ip ssh does not enable SSH on the switch. | The switch does not have a host key. Verify by executing show ip host-public-key. If you see the message "ssh cannot be enabled until a host key is configured (use 'crypto' command)", you need to generate an SSH key pair for the switch. To do so, execute crypto key generate. (Refer to "2. Generating the Switch's Public and Private Key Pair" on page 85.) |
| Switch does not detect a client's public key that does appear in the switch's public key file (show ip client-public-key). | The client's public key entry in the public key file may be preceded by another entry that does not terminate with a newline (CR). In that case the switch reads the next key entry as a comment attached to the preceding entry, so that key is never loaded. Where a public key file has more than one entry, ensure that every entry terminates with a newline (CR). The newline is optional for the last entry in the file, but omitting it sets up this error the next time you append another key to the file or change the order of the keys. |
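The first and last rows of the table above describe two defects you can catch before the key file is ever copied to the switch: a key exported in SSHv2 text form instead of the SSHv1 one-line form, and two entries glued together by a missing newline. The Python below is an added example; it is not part of this guide or of the switch software. It assumes that the SSHv1 client key line has the standard SSH1 layout "bits exponent modulus comment" and that the switch reads one entry per newline-terminated line with everything after the third field treated as the comment, as the last row describes. The sample keys are constructed values (the moduli are not RSA products) so that the script runs offline.

```python
import base64
import re
import struct

# Part 1: SSHv2 RSA public key (RFC 4716 block, often called "PEM", or a one-line
# OpenSSH key) -> the SSHv1 one-line form "bits exponent modulus comment" (assumed
# to be the format the switch reads; it is the standard SSH1 public key layout).
def _ssh_string(raw):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(raw)) + raw

def _mpint(value):
    """SSH wire-format mpint: a leading 0x00 is added when the top bit is set."""
    return _ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def _read_string(blob, offset):
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    return blob[offset + 4:offset + 4 + length], offset + 4 + length

def encode_openssh_rsa(e, n, comment=""):
    """Constructed sample input: the one-line form an OpenSSH-style client exports."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + (" " + comment if comment else "")

def encode_rfc4716_rsa(e, n, comment=""):
    """Constructed sample input: the same key as an RFC 4716 block."""
    b64 = base64.b64encode(_ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "%s"' % comment]
                     + body + ["---- END SSH2 PUBLIC KEY ----"])

def decode_ssh2_public_key(text):
    """Return (e, n, comment) from either SSHv2 text form."""
    lines = text.strip().splitlines()
    comment, body = "", []
    if lines[0].startswith("----"):
        for line in lines[1:-1]:            # skip the BEGIN/END marker lines
            if ":" in line:                 # RFC 4716 header such as Comment: or Subject:
                if line.startswith("Comment:"):
                    comment = line.split(":", 1)[1].strip().strip('"')
                continue
            body.append(line.strip())
        b64 = "".join(body)
    else:
        parts = lines[0].split(None, 2)
        if parts[0] != "ssh-rsa":
            raise ValueError("not an ssh-rsa key: " + parts[0])
        b64, comment = parts[1], (parts[2].strip() if len(parts) > 2 else "")
    blob = base64.b64decode(b64)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("unexpected key type %r" % key_type)
    e_bytes, off = _read_string(blob, off)
    n_bytes, _ = _read_string(blob, off)
    return int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big"), comment

def to_ssh1_line(e, n, comment=""):
    """SSHv1 public key line; the first field is the modulus length in bits."""
    return "%d %d %d" % (n.bit_length(), e, n) + (" " + comment if comment else "")

# Part 2: the client public key file. Model of how the switch reads it (assumed from
# the manual: one entry per newline-terminated line, three numeric fields, then comment).
def switch_view_of_key_file(data):
    keys = []
    for line in data.split("\n"):
        fields = line.split(None, 3)
        if len(fields) >= 3 and all(f.isdigit() for f in fields[:3]):
            keys.append((int(fields[0]), int(fields[1]), int(fields[2]),
                         fields[3] if len(fields) > 3 else ""))
    return keys

def check_key_file(data):
    """List the defects that make the switch silently ignore an entry."""
    problems = []
    if data and not data.endswith("\n"):
        problems.append("last entry is not newline-terminated")
    for lineno, line in enumerate(data.split("\n"), 1):
        fields = line.split(None, 3)
        if len(fields) < 3:
            continue
        if not all(f.isdigit() for f in fields[:3]):
            problems.append("line %d: bits/exponent/modulus are not all numeric" % lineno)
            continue
        bits, n = int(fields[0]), int(fields[2])
        if n.bit_length() != bits:          # another entry's digits glued onto the modulus
            problems.append("line %d: modulus is %d bits, entry declares %d" % (lineno, n.bit_length(), bits))
        comment = fields[3] if len(fields) > 3 else ""
        if re.search(r"\d+\s+\d+\s+\d{100,}", comment):   # a whole key inside the comment
            problems.append("line %d: a second key entry is embedded in the comment" % lineno)
    return problems

def build_key_file(entries):
    """Give every entry, including the last, its own terminating newline."""
    return "".join(entry.rstrip("\r\n") + "\n" for entry in entries)

# Constructed sample parameters: not real keys, the moduli are not RSA products.
N_ALICE, N_BOB = 2 ** 511 + 12345, 2 ** 1023 + 777        # 512-bit and 1024-bit moduli
KEY_ALICE = to_ssh1_line(*decode_ssh2_public_key(encode_rfc4716_rsa(65537, N_ALICE, "alice@host")))
KEY_BOB = to_ssh1_line(*decode_ssh2_public_key(encode_openssh_rsa(65537, N_BOB, "bob@host")))
GOOD_FILE = build_key_file([KEY_ALICE, KEY_BOB])
GLUED_FILE = KEY_ALICE + KEY_BOB + "\n"     # the newline after Alice's entry was forgotten
if __name__ == "__main__":
    print(len(switch_view_of_key_file(GLUED_FILE)), "entry seen; problems:", check_key_file(GLUED_FILE))
```

Running the script shows the glued file yielding a single entry (Alice's, with Bob's whole key sitting in her comment field), which is exactly the symptom in the last row. The bit-length check covers the case the comment search cannot: when the preceding entry has no comment, the next entry's digits are appended to the modulus itself, and the declared bit count no longer matches. Always write the file with build_key_file (or an editor that terminates the last line) before copying it to the switch with copy tftp pub-key-file.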
