Changing The Default Ssh Key - Cisco TelePresence Administrator's Manual

Reference material

Changing the default SSH key

Using the default key means that SSH sessions established to the VCS may be vulnerable to "man-in-the-
middle" attacks, so you are recommended to generate new SSH keys which are unique to your VCS.
An alarm message "Security alert: the SSH service is using the default key" is displayed if your VCS is still
configured with its factory default SSH key.
To generate a new SSH key for the VCS:
1. Log into the CLI as root.
2. Type regeneratesshkey.
3. Type exit to log out of the root account.
4. Log in to the web interface.
5. Go to Maintenance >
6. Check the number of calls and registrations currently in place.
7. Click Restart system and then confirm the restart when asked.
If you have a clustered VCS system you must generate new SSH keys for every cluster peer. Log into each
peer in turn and follow the instructions above. You do not have to decluster or disable replication.
When you next log in to the VCS over SSH you may receive a warning that the key identity of the
VCS has changed. Please follow the appropriate process for your SSH client to suppress this
warning.
If your VCS is subsequently downgraded to an earlier version of VCS firmware, the default SSH
keys will be restored.
Cisco VCS Administrator Guide (X8.1.1)
Restart. You are taken to the Restart page.
Changing the default SSH key
Page 385 of 507