Thursday, July 17, 2008

SSH Connection Fails, Missing Key

One of the requirements for enabling remote management via SSH on a device is a configured crypto RSA key. Hence, it is imperative that the RSA key be defined before disabling other access methods such as console and telnet.


Problem/Error Encountered:
So how do you know if your device doesn't have a crypto key enabled? Check the SSH attempt below:

-bash-3.00$ ssh 10.10.20.20 -1
ssh_exchange_identification: Connection closed by remote host
-bash-3.00$


To further confirm, check the SSH port via telnet:

-bash-3.00$ telnet 10.10.20.20 22
Trying 10.10.20.20...
Connected to 10.10.20.20.
Escape character is '^]'.
Could not load host key. Closing connection...Connection closed by foreign host.
-bash-3.00$


The output from the telnet 22 should be enough to confirm that the device has a missing (or possibly a corrupt) RSA key.

Solution:
Simply put, configure the RSA key.

However, here is a possible problem scenario: the device can only be accessed via SSH (console and telnet were disabled) AND the crypto key was (accidentally) erased. In this case, the only way to access the device is effectively disabled as well.

The "quickest" solution for this one is to perform password recovery via the console. Password recovery usually involves rebooting the device.

Verification:

Best way is, of course, to ssh to the device.

If testing via telnet to port 22, you should see something like this:

-bash-3.00$ telnet 10.10.20.20 22
Trying 10.10.20.20...
Connected to 10.10.20.20.
Escape character is '^]'.
SSH-2.0-Cisco-1.25
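As an added example (not part of the original post), the script below automates the telnet-to-port-22 check used in the Problem and Verification sections: it reads whatever the device sends first and reports whether it is a proper SSH identification banner, the "Could not load host key" message, or an empty connection close. The host address 10.10.20.20 is taken from the post; the sample responses are constructed from the sessions shown above.

```python
import socket
import sys

# Constructed sample responses, modelled on the two telnet sessions in the post.
MISSING_KEY_RESPONSE = b"Could not load host key. Closing connection..."
HEALTHY_RESPONSE = b"SSH-2.0-Cisco-1.25\r\n"


def classify_banner(data):
    """Classify the first bytes a server sends on TCP/22.

    Returns one of:
      "ok"          - an SSH identification string ("SSH-<proto>-<software>")
      "missing-key" - the device answered but could not load its host key
      "closed"      - nothing was sent before the connection closed
      "unknown"     - something else (not SSH, or a non-standard banner)
    """
    if not data:
        return "closed"
    first_line = data.split(b"\n", 1)[0].strip()
    if first_line.startswith(b"SSH-"):
        return "ok"
    if b"Could not load host key" in data:
        return "missing-key"
    return "unknown"


def probe_ssh(host, port=22, timeout=5.0):
    """Connect and read what the server sends first, like 'telnet host 22'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            chunks = []
            while True:
                try:
                    chunk = s.recv(256)
                except (socket.timeout, ConnectionResetError):
                    break  # server went quiet or reset us; classify what we have
                if not chunk:
                    break  # orderly close (FIN) with nothing more to read
                chunks.append(chunk)
                if b"\n" in chunk:
                    break  # the SSH banner is a single line
            return classify_banner(b"".join(chunks))
    except OSError as exc:
        return "unreachable: %s" % exc


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "10.10.20.20"  # address from the post
    print(target, probe_ssh(target))
```

Run it against the device before and after configuring the RSA key; "missing-key" or "closed" matches the failing sessions above, while "ok" matches the SSH-2.0-Cisco-1.25 banner.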

