crypto key dss

Syntax

crypto key { generate | zeroize } dss

Release Information

Command introduced before JunosE Release 7.1.0.

Description

Controls SSH server daemon and creation/deletion of SSH server host key. This command is not displayed by the show config command. There is no no version.

SSH can be enabled or disabled regardless of the state of the Telnet daemon. If SSH is enabled, use access control lists to limit access through Telnet.

Note: When you perform a stateful SRP switchover operation on a device with a large number of virtual routers (VRs) when SSH is configured on VRs other than the default, SSH can sometimes become disabled. This condition happens if SSH attempts to bind with a VR before the VR becomes reenabled after the restart. In this case, after stateful SRP switchover is completed, if you enter the crypto key zeroize dss command to disable the SSH server daemon, a message is displayed stating that the VR instance is not enabled and prompts you to retry after SSH is reenabled on that VR. After the VR instance is reenabled, you must manually reenable SSH either by accessing the console VTY or creating a Telnet session to the router by using the crypto key generate dss command.

Options

• generate—Creates the SSH server host key and enables the daemon
• zeroize—Deletes the SSH server host key and stops the SSH daemon if it is running. Issuing this command terminates any active client sessions. The next time the router boots after this command is issued, the SSH server daemon is not started.

Mode

Global Configuration

Related Documentation

• Setting Virtual Terminal Access Lists