I have a few routers and switches that were deployed to remote locations, and the crypto key was not generated before they were shipped. They are working and I have SNMPv3 write access to them, but I want to SSH to them without having to travel to site with a console cable and laptop. I want to know the snmpset OID to generate the crypto key.
Can you list the IOS versions in use? – Craig Constantine Aug 27 '13 at 13:23
Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you can post and accept your own answer. – Ron Maupin Jan 05 '21 at 01:20
2 Answers
You can use the below to just send a list of commands to the router. The file has the actual commands:
config t
crypto key generate rsa
exit
Then SSH to the router and complete the config,
or just enable Telnet if you can get away with it:
config t
line vty 0 4
transport input ssh telnet
exit
I have a Perl script that does this to reset enable passwords.
The MIB is
hostConfigSet .1.3.6.1.4.1.9.2.1.53
From the management station command line, with the use of the MIB object hostConfigSet, enter this:
% snmpset -t 60 172.16.99.22 \
private .1.3.6.1.4.1.9.2.1.53.171.68.191.135 \
s router-config
or
% snmpset -t 60 172.16.99.22 private \
enterprises.9.2.1.53.171.68.191.135 = "router-config"

If OP wants to use SNMP to download config, it might be useful to read also http://networkengineering.stackexchange.com/questions/1789/ – ytti Aug 28 '13 at 07:28
I think only TFTP. There may be another OID for TFTP or one that allows you to send a URI format, but I can use TFTP, so that's what I do – fredpbaker Aug 31 '13 at 18:00
I don't know if you can fix the SSH directly through SNMP. However, a lot of Ciscos support SNMP-triggered config downloading or uploading from/to a TFTP server. You should be able to upload a new config containing the SSH stuff.
You need the CISCO-CONFIG-COPY-MIB, available on IOS >= 12.0. If you have the device config, you can create a new version including the SSH stuff and upload it. If not, first download the running config from the device.
Important note: uploading to the running config merges your upload into the existing config, but uploading to the startup config overwrites what's already there.
Cisco's instructions can be found here

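The SNMP-triggered TFTP copy from the answer above, as an added example that is not part of either answer or of Cisco's instructions: it builds the Net-SNMP `snmpset` call against the CISCO-CONFIG-COPY-MIB copy table and refuses a startup-config destination unless explicitly allowed, because that copy overwrites rather than merges. The function names, the 192.0.2.x addresses, the file name and the row index are hypothetical, and SNMPv3 credentials are assumed to live in `~/.snmp/snmp.conf`.

```shell
#!/bin/sh
# Added example. Addresses, file name and row index are placeholders.
# SNMPv3 user and passphrases are assumed to be in ~/.snmp/snmp.conf
# (defSecurityName, defAuthPassphrase, defPrivPassphrase), not in argv.
CC=.1.3.6.1.4.1.9.9.96.1.1.1.1    # ccCopyEntry in CISCO-CONFIG-COPY-MIB

# cc_copy_cmd DEVICE TFTP_SERVER FILE DEST ROW
# DEST is "running" (merge) or "startup" (overwrite, needs ALLOW_OVERWRITE=1).
# Prints the snmpset command; runs it only when DRY_RUN=0.
cc_copy_cmd() {
    device=$1 server=$2 file=$3 dest=$4 row=$5
    case $row in ''|*[!0-9]*) echo "row must be numeric" >&2; return 1 ;; esac
    case $dest in
        running) dest_type=4 ;;            # runningConfig(4): merged
        startup)                           # startupConfig(3): replaced
            [ "${ALLOW_OVERWRITE:-0}" = 1 ] || {
                echo "startup copy overwrites; set ALLOW_OVERWRITE=1" >&2
                return 2
            }
            dest_type=3 ;;
        *) echo "dest must be running or startup" >&2; return 1 ;;
    esac
    # Columns in order: ccCopyProtocol tftp(1), ccCopySourceFileType
    # networkFile(1), ccCopyDestFileType, ccCopyServerAddress,
    # ccCopyFileName, ccCopyEntryRowStatus createAndGo(4).
    set -- snmpset -v3 -l authPriv "$device" \
        "$CC.2.$row" i 1 \
        "$CC.3.$row" i 1 \
        "$CC.4.$row" i "$dest_type" \
        "$CC.5.$row" a "$server" \
        "$CC.6.$row" s "$file" \
        "$CC.14.$row" i 4
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# cc_copy_state N: name for a ccCopyState value read back from $CC.10.ROW
cc_copy_state() {
    case $1 in
        1) echo waiting ;;
        2) echo running ;;
        3) echo successful ;;
        4) echo failed ;;
        *) echo unknown; return 1 ;;
    esac
}
```

After the copy, read `$CC.10.ROW` with `snmpget` to confirm the state, then set `$CC.14.ROW` to `i 6` (destroy) so the row index can be reused.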