Changing The Default Ssh Key; Default Ssh Key Alarms - Cisco TelePresence Administrator's Manual

Changing the default SSH key

Default SSH key alarms

An alarm message "Security alert: the SSH service is using the default key" is displayed if your VCS is still
configured with its factory default SSH key.
Using the default key means that SSH sessions established to the VCS may be vulnerable to "man-in-the-
middle" attacks, so you are recommended to generate new SSH keys which are unique to your VCS.
Use the following instructions to generate a new SSH key for the VCS:
1. Log into the CLI as root.
2. Type regeneratesshkey.
3. Type exit to log out of the root account.
4. Log in to the web interface.
5. Go to Maintenance >
6. Check the number of calls and registrations currently in place.
7. Click Restart system and then confirm the restart when asked.
If you have a clustered VCS system you must generate new SSH keys for every cluster peer. Log into each
peer in turn and follow the instructions above. You do not have to decluster or disable replication.
When you next log in to the VCS over SSH you may receive a warning that the key identity of the
VCS has changed. Please follow the appropriate process for your SSH client to suppress this
warning.
If your VCS is subsequently downgraded to an earlier version of VCS firmware, the default SSH
keys will be restored.
Cisco VCS Administrator Guide (X7.2)
Restart. You are taken to the Restart page.
Reference material
Page 367 of 498