Switch Management Guide
S
ECURE
 S
HELL
 C
OMMANDS
22-29
Default Setting 
Generates both the DSA and RSA key pairs.
Command Mode 
Privileged Exec
Command Usage 
• The switch uses only RSA Version 1 for SSHv1.5 clients and DSA 
Version 2 for SSHv2 clients.
• This command stores the host key pair in memory (i.e., RAM). Use the 
ip ssh save host-key command to save the host key pair to flash 
memory. 
• Some SSH client programs automatically add the public key to the 
known hosts file as part of the configuration process. Otherwise, you 
must manually create a known hosts file and place the host public key 
in it. 
• The SSH server uses this host key to negotiate a session key and 
encryption method with the client trying to connect to it. 
Example 
Related Commands
ip ssh crypto zeroize (22-29)
ip ssh save host-key (22-30)
ip ssh crypto zeroize
This command clears the host key from memory (i.e. RAM). 
Syntax 
ip ssh crypto zeroize [dsa | rsa]
• dsa – DSA key type. 
• rsa – RSA key type. 
Default Setting 
Clears both the DSA and RSA key.
Console#ip ssh crypto host-key generate dsa
Console#










