jon at defenderhosting
Aug 10, 2009, 11:09 AM
Post #9 of 14
(6279 views)
Permalink
|
|
Re: SSH no longer functions after hostname change
[In reply to]
|
|
Jared-
Unfortunately we do not have SmartNET for this specific device, although we do have coverage for our higher up infrastructure. I do not know Cisco's policy on supporting devices without a contract but I highly doubt they would work with me to a resolution without an existing SmartNET contract for this device.
I will try JF's solution ( I did this already but did not do it in the specific order he mentioned ) and then schedule a reload if that fails.
Thanks.
Jon Wolberg
Systems Engineer
Virtacore Systems Inc.
"We Virtualize IT!"
----- Original Message -----
From: "Ge Moua" <moua0100 [at] umn>
To: "Jared Mauch" <jared [at] puck>
Cc: "Jon Wolberg" <jon [at] defenderhosting>, cisco-nsp [at] puck
Sent: Monday, August 10, 2009 1:41:48 PM GMT -05:00 US/Canada Eastern
Subject: Re: [c-nsp] SSH no longer functions after hostname change
We saw similar symptoms on cat6k; even a reboot & regen rssa key did not
fix the ssh issue; turned out to be some sort of conflict with IP SLA,
removed that then all was working.
Regards,
Ge Moua | Email: moua0100 [at] umn
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
Jared Mauch wrote:
> You should call TAC and your SE/AM as well to insure they capture what
> happened to avoid this defect in the future. You may also be able to
> entirely disable/restart the SSH subsystem, or at least make sure they
> have the ability to restart it. If Cisco doesn't make progress on
> this front, I'm not sure how they will continue to survive. The
> internet of 2000 and later really needs protected memory and
> restartable processes instead of the old tech support "have you turned
> it off and back on again" policy of dealing with defects. While that
> has a place, certainly this is not one of them.
>
> - Jared
>
> On Aug 10, 2009, at 12:41 PM, jon [at] defenderhosting wrote:
>
>> Hi Ryan/Paul-
>>
>> Not without scheduling a maintenance window which I was hoping to
>> avoid. I am sure a reload would fix the problem as i'd also use it
>> as an opportunity to upgrade the code since I am a half dozen revs
>> behind and have switches running newer versions without any stability
>> issues.
>>
>>
>> Jon Wolberg
>> Systems Engineer
>> Virtacore Systems Inc.
>> "We Virtualize IT!"
>>
>>
>> ----- Original Message -----
>> From: "Paul Stewart" <paul [at] paulstewart>
>> To: "Jon Wolberg" <jon [at] defenderhosting>
>> Cc: cisco-nsp [at] puck
>> Sent: Monday, August 10, 2009 12:35:14 PM GMT -05:00 US/Canada Eastern
>> Subject: RE: [c-nsp] SSH no longer functions after hostname change
>>
>> That is very strange.... are you able to kick the switch (power
>> cycle) to see if it resolves or not? I know you shouldn't have to
>> but I'm out of answers too ;)
>>
>> -----Original Message-----
>> From: Jon Wolberg [mailto:jon [at] defenderhosting]
>> Sent: Monday, August 10, 2009 12:20 PM
>> To: Paul Stewart
>> Cc: cisco-nsp [at] puck
>> Subject: Re: [c-nsp] SSH no longer functions after hostname change
>>
>> Hi Paul-
>>
>> The funny thing is this is the only switch causing problems. We
>> changed the hostnames on over a dozen others without any issues.
>>
>> I tried re-generating the keys to no avail.
>>
>>
>> Jon Wolberg
>> Systems Engineer
>> Virtacore Systems Inc.
>> "We Virtualize IT!"
>>
>>
>> ----- Original Message -----
>> From: "Paul Stewart" <paul [at] paulstewart>
>> To: "Jon Wolberg" <jon [at] defenderhosting>, cisco-nsp [at] puck
>> Sent: Monday, August 10, 2009 12:17:14 PM GMT -05:00 US/Canada Eastern
>> Subject: RE: [c-nsp] SSH no longer functions after hostname change
>>
>> Normally all we do is a "crypto key gen rsa" if a hostname changes
>> and we
>> continue on... this regens the keys and stops/starts the SSH process....
>>
>> Paul
>>
>>
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces [at] puck
>> [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Jon Wolberg
>> Sent: Monday, August 10, 2009 11:53 AM
>> To: cisco-nsp [at] puck
>> Subject: [c-nsp] SSH no longer functions after hostname change
>>
>> Hello-
>>
>> We recently changed some of our hostnames on various legacy switches to
>> follow our naming convention, and after one change I can no longer
>> SSH to
>> the switch.
>>
>> I get the below errors on the console with debug ip ssh client running:
>>
>> Aug 10 11:23:44 EST: SSH5: sent protocol version id SSH-2.0-Cisco-1.25
>> Aug 10 11:23:44 EST: SSH5: protocol version id is - SSH-2.0-OpenSSH_4.3
>> Aug 10 11:23:44 EST: SSH2 5: RSA_sign: private key not found
>> Aug 10 11:23:44 EST: SSH2 5: signature creation failed, status -1
>> Aug 10 11:23:44 EST: SSH5: Session disconnected - error 0x00
>>
>> I zero'ized the old keys and re-generated as well as set the hostname
>> back
>> to the original and zero'ized and re-generated to no avail. Nothing
>> shows
>> up on Google and I can find no errata related to SSH access on the
>> version
>> of code we are running.
>>
>> Has anyone encountered this before? This is a 3750 running 12.2(44)SE2
>>
>>
>> Jon Wolberg
>> Systems Engineer
>> Virtacore Systems Inc.
>> "We Virtualize IT!"
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
|
