Symptom

ISR1K: After reloading, created RSA keys are lost. As a result, services that use these keys will not function properly, including SNMPv3 and SSH. Error message `%SYS-2-PRIVCFG_DECRYPT_FAILURE: key read failed...` can be found in the console log.

Conditions

Known affected platforms: C1111, C1121, C1131 Reproduce steps: 1. Create the RSA key and configure SSH: ip domain name crypto key generate rsa modulus 2048 label SSH-KEY ip ssh rsa keypair-name SSH-KEY ip ssh version 2 2. Write the configuration: Router#wr Building configuration... [OK] *Aug 6 14:58:42.603: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file 3. Reload the box 4. After reloading, the RSA keys used for SSH are found to be lost. Router#show ip ssh Router#show crypto key mypubkey rsa

Workaround

Further Problem Description