The RSA key pair is generated when you want to enable SSH access to the unit. The command for this is "ca generate rsa key". You need to have configured the hostname and domain name before using this command.
Remember to do the "ca save all" afterwards. Try that and see if the key changes again after a reload. As far as I remember (rather rusty here), the RSA key pair is saved to some other memory on the PIX (anyone correct me if I am wrong).

As for your IPSec question - are you using certificates or preshared keys? If you are using certificates, then I think it is the same key - depends on how you set it up originally. (There are 2 key types - general and special.) If you never specified this, then a general key is created.

Let us know how it goes.

Andrew

-----Original Message-----
From: Jens von Bülow [mailto:[EMAIL PROTECTED]]
Sent: 10 February 2003 14:06
To: Andrew Larkins; [EMAIL PROTECTED]
Subject: RE: ssh - warning: remote host identification has changed [7:62743]

That is what I suspect or perhaps an overzealous engineer. Does one specify the RSA key for SSH (is it the same as the one for the IPSEC stuff)? How would one change such a thing? I don't remember having to ever create one during the initial installation?

PS: I rebooted the box and noticed that the key once again changed - could this problem be as a result of a corrupt flash card?

-----Original Message-----
From: Andrew Larkins [mailto:[EMAIL PROTECTED]]
Sent: 10 February 2003 01:48
To: [EMAIL PROTECTED]
Subject: RE: ssh - warning: remote host identification has changed [7:62743]

This means that someone changed the RSA key on the PIX and that it only became active after the reboot. Verify with your guys that they changed nothing - otherwise it could be a sort of "attack".

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62747&t=62747