Configure ssh access to router ... possible without domain name?

The only way I can find to configure ssh on a router vty is as follows

crypto rsa generate rsa line vty 0 15 transport input ssh

The problem is that the crypto line cannot be entered without having

ip domain name

which is not part of our standard config. (Before anyone asks, we use ip domain lookup to specify the domains to search on the box itself; and we prefer to not have a domain name in order to stop it appearing in CDP, and management systems. All our router names are unique so we don't need the domain name.)

It seems we can configure a domain name, generate the rsa key, then remove the domain name; or we can set a short domain name - such as a dot(.). Either one works .... but is there a way to avoid this? Any guidance appreciated. FWIW the following link applies

Reply to
James Harris
Loading thread data ...

... widening the net a little in case someone out there has a comment.

it seems this is either a little discussed issue or there is indeed no way to generate the RSA keys (which are needed) without specifying a domain name. It does seem that the name can be deleted afterward without a problem.

Reply to
James Harris

Reply to


Not only must the domain name be configured. The host name must be configured as well. You don't want to change it *after* you create the keys.

What's wrong with putting a dummy domain name in the configuration file? Make up a TLD .jam is an invalid one. That way, you won't cause confusion.

When I try to pull up that link, it says that the page is not available.



Reply to
Fred Atkinson Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.