Sunday, November 8, 2009

IOS: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key

Symptoms:
The device logs numerous %SSH-3-PRIVATEKEY syslog messages, usually followed by a traceback such as the following:

Nov 7 02:40:49.542 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for
-Process= "SSH Process", ipl= 0, pid= 148
-Traceback= 61D48360 61D44B24 61D462C4 6053BD88 6053BD6C
Nov 8 02:16:22.452 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for
-Process= "SSH Process", ipl= 0, pid= 148
-Traceback= 61D48360 61D44B24 61D462C4 6053BD88 6053BD6C


Explanation:
Often seen if the hostname or domain name of the router has been changed.

Workaround/Fix:

  • Remove existing RSA Key:
    crypto key zeroize rsa
  • Generate RSA key with the following commands:

    show crypto key mypubkey rsa
    crypto key gen rsa general-keys label label
    ip ssh rsa keypair-name label

    where label = unique label/identifier
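
A log-triage helper for the symptom above, added here as an example (not part of the original post): it groups each %SSH-3-PRIVATEKEY header with its -Process/-Traceback continuation lines and reports tracebacks that repeat. The sample log is constructed from the lines quoted in the post plus one constructed %SYS-5-CONFIG_I line, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample modelled on the post's syslog lines; the %SYS-5-CONFIG_I
# line is added only to show that unrelated messages are skipped.
SAMPLE = """\
Nov 7 02:40:49.542 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for
-Process= "SSH Process", ipl= 0, pid= 148
-Traceback= 61D48360 61D44B24 61D462C4 6053BD88 6053BD6C
Nov 7 09:12:03.101 GMT: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Nov 8 02:16:22.452 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for
-Process= "SSH Process", ipl= 0, pid= 148
-Traceback= 61D48360 61D44B24 61D462C4 6053BD88 6053BD6C
"""

HEADER = re.compile(r"^(?P<ts>.+?): %(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$")
PROCESS = re.compile(r'^-Process= "(?P<name>[^"]*)", ipl= (?P<ipl>\d+), pid= (?P<pid>\d+)')
TRACEBACK = re.compile(r"^-Traceback= (?P<addrs>[0-9A-Fa-f ]+)$")

def parse_events(text):
    """Group each syslog header with the -Process/-Traceback lines that follow it."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), process=None, pid=None, traceback=())
            events.append(current)
        elif current is not None:
            p, t = PROCESS.match(line), TRACEBACK.match(line)
            if p:
                current["process"], current["pid"] = p["name"], int(p["pid"])
            elif t:
                current["traceback"] = tuple(t["addrs"].split())
    return events

def privatekey_events(text):
    """Return only the %SSH-3-PRIVATEKEY events."""
    return [e for e in parse_events(text)
            if (e["fac"], e["sev"], e["mnem"]) == ("SSH", "3", "PRIVATEKEY")]

def recurring_tracebacks(text, threshold=2):
    """Tracebacks seen at least `threshold` times: the repeating pattern in the post."""
    counts = Counter(e["traceback"] for e in privatekey_events(text))
    return {tb: n for tb, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for e in privatekey_events(SAMPLE):
        print(e["ts"], e["process"], e["pid"], " ".join(e["traceback"]))
```
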

4 comments:

Unknown said...

Awesome. Thanks for this. Really worked

Unknown said...

I encountered this problem and the workaround indeed worked.

I never had to gen the crypto key with a label before. But for whatever reason, without the keywords "general-keys" and "label" I kept getting the error as mentioned.

CJ Infantino said...

Thanks for this...you saved me! :)

--
CJ

http://convergingontheedge.com

Hector said...

You, sir, are a life saver!!! Thanks for posting.