Configure ssh access to router ... possible without domain name?

The only way I can find to configure ssh on a router vty is as follows

crypto key generate rsa
line vty 0 15
 transport input ssh

The problem is that the crypto line cannot be entered without having

ip domain name

which is not part of our standard config. (Before anyone asks, we use ip domain lookup to specify the domains to search on the box itself; and we prefer to not have a domain name in order to stop it appearing in CDP, and management systems. All our router names are unique so we don't need the domain name.)

It seems we can configure a domain name, generate the RSA key, then remove the domain name; or we can set a short domain name, such as a dot (.). Either one works ... but is there a way to avoid this? Any guidance appreciated. FWIW the following link applies

Reply to
James Harris

... widening the net a little in case someone out there has a comment.

It seems this is either a little-discussed issue or there is indeed no way to generate the RSA keys (which are needed) without specifying a domain name. It does seem that the name can be deleted afterward without a problem.

Reply to
James Harris

Reply to
hack.bac

Well,

Not only must the domain name be configured. The host name must be configured as well. You don't want to change it *after* you create the keys.

What's wrong with putting a dummy domain name in the configuration file? Make up a TLD; .jam is an invalid one. That way, you won't cause confusion.

When I try to pull up that link, it says that the page is not available.

Regards,

Fred

Reply to
Fred Atkinson
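
An added example, not part of any post in this thread: the generate-then-remove sequence the posts describe, followed by the labeled key pair procedure that Cisco's SSH version 2 documentation gives for enabling SSH without a host name or domain name. The label SSH-KEY, the 2048-bit modulus, the placeholder domain example.invalid and the `login local` line are assumptions, and the second method depends on an IOS release that supports `ip ssh rsa keypair-name`.

```cisco
! Method 1 (as discussed in the thread): temporary domain name.
! A non-default hostname must already be set, as noted in the replies.
! example.invalid is a constructed placeholder, not a value from the thread.
configure terminal
 ip domain name example.invalid
 crypto key generate rsa modulus 2048
 no ip domain name example.invalid
 end
!
! Method 2 (assumption: release supports labeled SSH key pairs).
! The key is referenced by its label, so no domain name is configured.
configure terminal
 ip ssh rsa keypair-name SSH-KEY
 crypto key generate rsa usage-keys label SSH-KEY modulus 2048
 ip ssh version 2
 line vty 0 15
  transport input ssh
  ! Assumes a local username/secret is already defined for vty logins.
  login local
 end
!
! Verify that SSH is enabled and which key pair exists.
show ip ssh
show crypto key mypubkey rsa
```

With either method, `show cdp neighbors detail` from an adjacent device confirms whether a domain suffix is still advertised in the device ID.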
