101
Enhancements in Release F.04.08
Configuring Secure Shell (SSH)
Troubleshooting SSH Operation
See also “Messages Related to SSH Operation” on page 100.
Message: Generating new RSA host key. If the cache is depleted, this could take up to two minutes.
Meaning: After you execute the crypto key generate [rsa] command, the switch displays this message while it is generating the key.

Message: Host RSA key file corrupt or not found. Use 'crypto key generate rsa' to create new host key.
Meaning: The switch’s key is missing or corrupt. Use the crypto key generate [rsa] command to generate a new key for the switch.

Message: host_ssh1 is not a valid key file.
Meaning: Key does not exist or is corrupt.

Message: show_client_public-key: cannot stat keyfile.
Meaning: The client key does not exist in the switch. Use copy tftp to download the key from a TFTP server.

Symptom: Switch access refused to a client whose public key you have placed in a text file and copied (using the copy tftp pub-key-file command) into the switch.
Possible Cause: If the source SSH client is an SSHv2 application, the public key may be in the PEM format, which the switch (SSHv1) does not interpret. Check the SSH client application for a utility that can convert the PEM-formatted key into an ASCII-formatted key.

Symptom: Executing ip ssh does not enable SSH on the switch.
Possible Cause: The switch does not have a host key. Verify by executing show ip host-public-key. If you see the message
    ssh cannot be enabled until a host key is configured (use ’crypto’ command)
then you need to generate an SSH key pair for the switch. To do so, execute crypto key generate. (Refer to “2. Generating the Switch’s Public and Private Key Pair” on page 85.)

Symptom: Switch does not detect a client’s public key that does appear in the switch’s public key file (show ip client-public-key).
Possible Cause: The client’s public key entry in the public key file may be preceded by another entry that does not terminate with a newline (CR). In this case, the switch interprets the next sequential key entry as simply a comment attached to the preceding key entry. Where a public key file has more than one entry, ensure that all entries terminate with a newline (CR). While this is optional for the last entry in the file, not adding a newline to the last entry creates the potential for an error if you either add another key to the file at a later time or change the order of the keys in the file.
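
A pre-upload check for the first and third symptoms above, given as an added example that is not part of the original manual. It assumes the ASCII format is the one-line SSHv1 layout `<bits> <exponent> <modulus> [comment]`; the function name, the digit threshold and the sample keys are constructed for illustration.

```python
# Assumption: a real RSA modulus in decimal is far longer than any
# number that would appear in a comment, so 50 digits is a safe floor.
MIN_MODULUS_DIGITS = 50

def check_pubkey_file(data: bytes) -> list[str]:
    """Return the problems found in a client public-key file (empty list = OK)."""
    lines = data.split(b"\n")
    # PEM and SSH2 public keys are wrapped in "-----BEGIN"/"---- BEGIN" armor.
    if any(line.startswith(b"----") for line in lines):
        return ["PEM/SSH2-formatted key: convert it to the ASCII format first"]
    problems = []
    # A file ending in a newline splits into [..., b""]; anything else
    # means the last entry is unterminated.
    if lines[-1] != b"":
        problems.append("last entry lacks a terminating newline")
    for n, raw in enumerate(lines, 1):
        fields = raw.strip().split()
        if not fields:
            continue
        moduli = [f for f in fields
                  if f.isdigit() and len(f) >= MIN_MODULUS_DIGITS]
        if len(moduli) > 1:
            # Two entries ran together: the second would be read as a
            # comment attached to the first.
            problems.append(f"line {n}: {len(moduli)} keys on one line; "
                            "an entry is missing its newline")
        elif (len(fields) < 3 or not moduli
              or not all(f.isdigit() for f in fields[:3])):
            problems.append(f"line {n}: not a '<bits> <exponent> "
                            "<modulus> [comment]' entry")
    return problems

# Constructed sample keys (digit strings only, not real RSA moduli).
MOD_A = b"1" + b"0123456789" * 30
MOD_B = b"2" + b"9876543210" * 30
ENTRY_A = b"1024 35 " + MOD_A + b" alice@pc"
ENTRY_B = b"1024 35 " + MOD_B + b" bob@pc"

GOOD = ENTRY_A + b"\n" + ENTRY_B + b"\n"
MERGED = ENTRY_A + ENTRY_B + b"\n"   # first entry lost its newline
PEM = b"-----BEGIN RSA PUBLIC KEY-----\nAAAA\n-----END RSA PUBLIC KEY-----\n"

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("merged", MERGED),
                       ("unterminated", GOOD[:-1]), ("pem", PEM)]:
        print(name, check_pubkey_file(blob) or "OK")
```

Run it against the text file before copying it to the switch; an empty result means every entry is on its own newline-terminated line.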