It seemed simple enough: use ip ssh version 2.
This was the result:
3750xCoreStack(config)#ip ssh version 2
Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
3750xCoreStack(config)#cry key gen rsa
% You already have RSA keys defined named 3750xCoreStack
% Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 65 seconds)
3750xCoreStack(config)#ip ssh version 2
Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
3750xCoreStack(config)#
So, I definitely have a 2048-bit RSA key, but it tells me that I need one in order to enable SSH. SSHv1 is presently working. Software is
Cisco IOS Software, C3750E Software (C3750E-IPBASEK9-M), Version 15.0(2)SE7, RELEASE SOFTWARE (fc1)
Any thoughts?
Thanks to both @Michael Hampton and @Dan for important pieces of information. The ip domain-name was already set, but when I enabled SSH by using the keypair name, that worked properly.
So, in short: if your router has RSA keys generated, but won't enable SSHv2, enable SSH with the name of the RSA keys, like so:
and then
Thankfully, this was a lab setup so no SSHv1 traffic was publicly sent, and no actual passwords were used, so mitigation from using a bad SSH version was minimal.
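A check for the mismatch described above, as an added example that is not part of the original post: it compares the key pair name the SSH server will look for with the key labels actually on the device, and flags a config that still permits SSHv1. The sample inputs are constructed, `lab.example` is a placeholder domain, and the default lookup name `hostname.domain-name` and the `Key name:` lines of `show crypto key mypubkey rsa` are assumptions about IOS behaviour.

```python
import re

def audit_ssh(running_config: str, mypubkey_output: str) -> list[str]:
    """Return findings for an IOS device's SSH server configuration."""
    def first(pattern):
        m = re.search(pattern, running_config, re.MULTILINE)
        return m.group(1) if m else None

    hostname = first(r"^hostname (\S+)")
    domain = first(r"^ip domain[- ]name (\S+)")
    bound = first(r"^ip ssh rsa keypair-name (\S+)")
    version = first(r"^ip ssh version (\d)")

    # Key labels present on the device; "<name>.server" is the temporary
    # SSHv1 server key, not a host key pair.
    keys = {k for k in re.findall(r"Key name:\s*(\S+)", mypubkey_output)
            if not k.endswith(".server")}

    findings = []
    # Assumption: with no keypair-name bound, SSH looks for "<hostname>.<domain>".
    expected = bound or (f"{hostname}.{domain}" if hostname and domain else None)
    if expected is None:
        findings.append("no keypair-name bound and hostname/domain-name incomplete")
    elif expected not in keys:
        findings.append(f"SSH expects key pair '{expected}', device has {sorted(keys)}")
    if version != "2":
        findings.append("SSHv1 still permitted: 'ip ssh version 2' not in config")
    return findings

# Constructed sample inputs (not captured from a device).
KEYS = """\
% Key pair was generated at: 00:12:41 UTC Mar 1 1993
Key name: 3750xCoreStack
 Key type: RSA KEYS
 Usage: General Purpose Key
 Key is not exportable.
"""
BEFORE = "hostname 3750xCoreStack\nip domain-name lab.example\n"
AFTER = BEFORE + "ip ssh rsa keypair-name 3750xCoreStack\nip ssh version 2\n"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_ssh(cfg, KEYS) or "OK")
```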
I had the same problem with a 3560. I just deleted the key and recreated it, and it worked...
After the RSA key pair is deleted, the SSH server is automatically disabled.
carter(config)# crypto key zeroize rsa
I hope it helps!