Clearing Ssh Hosts - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

Chapter 32 Configuring Users and Common Roles
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
To overwrite the previously generated key-pair, follow these steps:
Command
Step 1
switch# config t
Step 2
switch(config)# ssh key dsa 768
ssh key dsa 512
dsa keys already present, use force
option to overwrite them
switch(config)# ssh key dsa 512 force
deleting old dsa key.....
generating dsa key.....
generated dsa key

Clearing SSH Hosts

The clear ssh hosts command clears the existing list of trusted SSH hosts and reallows you to use
SCP/SFTP along with the copy command for particular hosts.
When you use SCP/SFTP along with the copy command, a list of trusted SSH hosts are built and stored
within the switch (see
Example 32-9 Using SCP/SFTP to Copy Files
switch# copy scp://abcd@10.10.1.1/users/abcd/abc
bootflash:abc The authenticity of host '10.10.1.1 (10.10.1.1)'
can't be established.
RSA1 key fingerprint is 01:29:62:16:33:ff:f7:dc:cc:af:aa:20:f8:20:a2:db.
Are you sure you want to continue connecting (yes/no)? yes
Added the host to the list of known hosts
(/var/home/admin/.ssh/known_hosts). [SSH key information about the host is
stored on the switch]
abcd@10.10.1.1's password:
switch#
If a host's SSH key changes before you use SCP/SFTP along with the copy command, you will receive
an error (see
Example 32-10 Using SCP/SFTP to Copy Files—Error Caused by SSH Key Change
switch# copy scp://apn@10.10.1.1/isan-104
bootflash:isan-ram-1.0.4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA1 host key has just been changed.
The fingerprint for the RSA1 key sent by the remote host is
36:96:ca:d7:29:99:79:74:aa:4d:97:49:81:fb:23:2f.
Please contact your system administrator.
Add correct host key in /mnt/pss/.ssh/known_hosts to get rid of this
message.
Offending key in /mnt/pss/.ssh/known_hosts:2
RSA1 host key for 10.10.1.1 has changed and you have requested strict
checking.
OL-18084-01, Cisco MDS NX-OS Release 4.x
Example
Example 32-10).
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
Purpose
Enters configuration mode.
Tries to set the server key-pair. If a required server
key-pair is already configured, use the force option to
overwrite that server key-pair.
Deletes the old DSA key and sets the server key-pair
using the new bit specification.
32-9).
Cisco MDS 9000 Family CLI Configuration Guide
Configuring SSH Services
@
32-17