I ran into this a while back. Basically there is a broken hidden key that has to be deleted correctly.
Basically, during the upgrade the key gets corrupted and becomes a phantom. You can't delete it with zeroize. The corruption is in the key label (which, if you don't specify, is the fqdn) which gets corrupted with the last letter left off. For example, our switch was named "switch-core1" with a domain of "ox.com". The fqdn was "switch-core1.ox.com". After the upgrade, the hidden corrupted key was labeled "switch-core1.ox.co".

The solution is to create a key with the bad label that will overwrite the phantom, then delete it:

switch-core1(config)#crypto key generate rsa general-keys label switch-core1.ox.co modulus 512
switch-core1(config)#crypto key zeroize rsa switch-core1.ox.co

and the phantom key will be gone.

----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Fitzwater
> Sent: Wednesday, June 02, 2010 11:40 AM
> To: [email protected]
> Subject: [c-nsp] 12.2-33.SXI3 SSH broken after changing IP
>
> My SSH connections fail after I changed IP address on box.
>
> 6500 running 12.2-33.SXI3
>
> I had this problem a long time ago and don't remember how to fix it.
>
> I do see that there is a bug related to it CSCtc41114 but it relates to
> HOSTNAME change and the procedure doesn't work or I am not doing it right.
>
> I tried clearing the keys and re-generating them, but I still get
> AUTHENTICATION failed on client, and on router I get logs ...
>
> SSH2 1: RSA_sign: privae key not found
> SSH2 1: signature creation failed, status -1
>
> Any ideas.
>
> Thanks in advance.
>
> Jeff Fitzwater
> OIT Network & Communications Systems
> Princeton University
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
