Cisco – Generate ssh key with SAN-OS from the console

We had a situation a few weeks ago where we needed to stand up some HP / Cisco 9124e switches in a hurry. Unfortunately our data centre people initialized the switches and weren’t available to tell us what point they’d gotten to. We could see the switches in Fabric Manager and Device Manager, but for some reason we couldn’t ssh to the devices. And for some other reason we couldn’t generate a key to use with the switches. SAN-OS version is 3.3(4a). So here’s what we did to generate keys on the console (accessed via the HP Onboard Administrator on the blade chassis).

login as: admin



WARNING: This is a private system.  Do not attempt to login unless you are an

authorized user.  Any authorized or unauthorized access and use may be moni-

tored and can result in criminal or civil prosecution under applicable law.


Firmware Version: 3.21

Built: 11/15/2010 @ 09:59

OA Bay Number:  1

OA Role:       Active

admin@’s password:







HP BladeSystem Onboard Administrator

(C) Copyright 2006-2010 Hewlett-Packard Development Company, L.P.



Type ‘HELP’ to display a list of valid commands.

Type ‘HELP <command>’ to display detailed information about a specific command.

Type ‘HELP HELP’ to display more detailed information about the help system.



CHASSIS-OA1> connect interconnect 3


NOTICE: This pass-thru connection to the integrated I/O console

is provided for convenience and does not supply additional access

control.  For security reasons, use the password features of the

integrated switch.


Connecting to integrated switch 3 at 9600,N81…

Escape character is ‘<Ctrl>_’ (Control + Shift + Underscore)


Press [Enter] to display the switch console:


User Access Verification

switch1 login: admin


Cisco Storage Area Networking Operating System (SAN-OS) Software

TAC support:

Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained herein are owned by

other third parties and are used and distributed under license.

Some parts of this software may be covered under the GNU Public

License or the GNU Lesser General Public License. A copy of

each such license is available at and

switch1# sh ssh key


could not retrieve rsa key information


could not retrieve dsa key information


no ssh keys present. you will have to generate them


switch1# conf t

Enter configuration commands, one per line.  End with CNTL/Z.

switch1(config)# ssh key rsa 1024

generating rsa key(1024 bits)…..


generated rsa key

switch1(config)# exit

switch1# copy run start

And then it was all better.