I’m currently taking part in a project where we send out new routers to remote locations, and on a number of occasions we had a problem where I couldn’t connect to my preconfigured router via SSH. I thought I was going crazy because this happened randomly, and every time I had to console in to the router with the assistance of some onsite technician, which is always a hassle. And today I’ve found the confirmation in CSCvm54595: SSH keys can go missing if you write the config with do wr. Or you can upgrade to 16.9.3+.
I am not going mad after all. Cisco, this was not your finest (regression testing) hour.
What I did as a workaround…
event manager applet ssh_key_regenerate authorization bypass
 event syslog occurs 1 pattern "SYS-5-RESTART" maxrun 90
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "crypto key zeroize rsa MYSSHKEYS.server"
 action 1.3 cli command "crypto key generate rsa general-keys label MYSSHKEYS modulus 4096"