Solved

Remote Login to Cisco Router Fails

Posted on 2010-09-21
2
3,264 Views
Last Modified: 2012-05-10
When attempting to use Cisco Configuration Professional to "Discover" and connect to my Cisco 2921 ISR (Second Generation), I receive the error: "Discovery could not be completed because the security certificate was rejected." SSHv2 login also fails, but with no errors.

There has been no change to the router configuration since the last time it worked.
The certificate being used is self signed.
Yes. I've already restarted the router (pulling a known good startup-config), which had not impact.

On reboot, the console indicates the following errors:
SSHv2  RSA Signature Generation Failed: Status 8
SSHv2  Signature creation failed: Status 22

show ip ssh, displays the key info as expected, and show ssh shows SSHv2 running, but with no connected sessions.

Any thoughts on why remote access spontaneously stopped working?

 
0
Comment
Question by:Matthew England
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Accepted Solution

by:
fs40490 earned 500 total points
ID: 33729734
Have you tried to regenerate a new self signed key?

I know that this does not get to the root cause but it should be able to get you back up and running.

0
 
LVL 7

Author Closing Comment

by:Matthew England
ID: 33738587
Yes. Creating a new self signed key works and is fine for this time, but it'd be nice to know why this occurred. And how to prevent it from happening again.

crypto key zeroize rsa
crypto key generate rsa
2048

This time I was onsite and able to get in to the router, but there's a point to having remote access. If it's going to randomly fail... what's the point in having it?
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question