reset-ssh-keys

This command deletes and re-creates SSH host keys.

Syntax

Delete all keys and re-create only RSA keys.

reset-ssh-keys

Delete all keys and re-create both DSA and RSA keys.

reset-ssh-keys include-dsa

Parameters

include-dsa
Indicates to include 1024-bit DSA keys.

Guidelines

The reset-ssh-keys command deletes and re-creates SSH host keys. Previously created keys are removed and replaced with new keys.

  • Without the include-dsa parameter, only RSA keys are re-created. DSA keys are not re-created.
  • With the include-dsa parameter, both DSA and RSA keys are re-created.

This action does not impact host keys that you added to the known hosts table through the crypto tools.

Attention: This action removes all existing SSH host keys and might drop active SSH connections. Remote SSH clients must accept the new host keys to establish a connection.

In version 7.5.2, the length of RSA keys was increased from 1024-bit to 2048-bit. If you upgraded from version 7.5.1 or earlier, the system retained the 1024-bit keys. After you run the reset-ssh-keys command, each SSH client must delete the stored entry for the DataPower® host key from its known hosts before it can connect successfully to the DataPower SSH server. When the stored fingerprint does not match the new SSH host key, the client displays a warning similar to the following.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /home/xxxxxx/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/xxxxxx/.ssh/known_hosts:nn
RSA host key for 'dp12345' has changed and you have requested strict checking.
Host key verification failed.

After you delete the known host from the file or registry, the next attempt to connect to the DataPower SSH server displays a prompt similar to the following. When prompted, enter yes to continue.

The authenticity of host 'dp12345 (xxx.xxx.xxx.xxx)' cannot be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dp12345,xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
(unknown)
Unauthorized access prohibited.
login:
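The client-side step described above, replacing the stale known_hosts entry after the appliance's host keys are reset, as an added Python example that is not part of the DataPower documentation or product: it computes a host key fingerprint in both the SHA256 form and the colon-separated MD5 form shown in the warning, reports the RSA modulus size (1024-bit before the upgrade, 2048-bit after a reset), and re-pins the new key only when its fingerprint equals one obtained through a trusted channel. The host name dp12345, the address 192.0.2.10 and all key material are constructed samples, not real keys.

```python
import base64
import hashlib

def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length, then data."""
    return len(data).to_bytes(4, "big") + data

def _read_string(blob: bytes, off: int):
    """Decode one SSH wire-format string at offset `off`; return (data, next offset)."""
    n = int.from_bytes(blob[off:off + 4], "big")
    return blob[off + 4:off + 4 + n], off + 4 + n

def fingerprint(key_b64: str, style: str = "sha256") -> str:
    """OpenSSH-style fingerprint: "SHA256:<unpadded base64>" or the older colon-separated MD5 hex."""
    blob = base64.b64decode(key_b64)
    if style == "md5":
        return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def rsa_bits(key_b64: str) -> int:
    """Modulus size of an ssh-rsa blob (1024 for keys kept from 7.5.1, 2048 after a reset)."""
    blob = base64.b64decode(key_b64)
    keytype, off = _read_string(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _e, off = _read_string(blob, off)   # public exponent, not needed for the size check
    n, _ = _read_string(blob, off)      # modulus as mpint; a leading 0x00 does not add bits
    return int.from_bytes(n, "big").bit_length()

def repin_host_key(known_hosts: str, host: str, new_key_line: str, expected_fp: str) -> str:
    """Replace every known_hosts entry for `host` with `new_key_line` ("host type base64", the
    ssh-keyscan format) only if its fingerprint equals `expected_fp` from a trusted channel."""
    keytype, key_b64 = new_key_line.split()[1:3]
    style = "sha256" if expected_fp.startswith("SHA256:") else "md5"
    actual = fingerprint(key_b64, style)
    if actual != expected_fp:
        raise ValueError(f"host key for {host} does not match trusted fingerprint: {actual}")
    kept = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if fields and host in fields[0].split(","):   # field 0 is a comma-separated host list
            continue                                  # drop the stale pre-reset entry
        kept.append(line)
    kept.append(f"{host} {keytype} {key_b64}")
    return "\n".join(kept) + "\n"

# Constructed sample data (not real keys): a structurally valid ssh-rsa blob with a toy 2048-bit modulus
SAMPLE_KEY_B64 = base64.b64encode(_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
                                  + _ssh_string(b"\x00\xc5" + b"\x5a" * 255)).decode()
# Constructed known_hosts still holding the pre-reset entry for dp12345 (hashed "|1|" entries are left as-is)
SAMPLE_KNOWN_HOSTS = "dp12345,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB\nother.example.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA==\n"
```

In practice the same outcome is reached with `ssh-keygen -R dp12345` followed by a fresh connection, but the point of the check is that the fingerprint typed at the "Are you sure you want to continue connecting" prompt is compared against one read from the appliance itself, not simply accepted.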

Example

Delete and re-create new SSH host keys for the SSH service. When you run the command, you are presented with a prompt where you must enter y to continue.

# reset-ssh-keys
Resetting SSH keys will regenerate host keys but it may terminate active SSH sessions 
and will require authenticity verification next time a client connects over SSH.
Do you want to continue? Yes/No [y/n]: y