Periodicity

While setting up a new Cisco SG550X switch, I was trying to import the TLS certificate for the web interface. It is possible to do this via the web interface, but I have had bad experiences with trying this on oh-so-many SG300s, so I immediately went the way I know works there:

config
crypto certificate 1 import
[paste private key into SSH window]
[public key]
[certificate]

Then enter a period to finish.

Unfortunately the SSH session froze after a few lines of the private key. I let it time out, then tried again, with the same result.

It later worked via the serial console, but with the same behavior where the input stops after 5-10 lines. On the serial link, this probably is an effect of missing flow control; the advantage over the SSH situation is that the session remains responsive and you can just drop in the next chunk.

Imagine my surprise when a while later, I wanted to backup the configuration:

copy startup-config tftp://tftp
Must be valid URL or reserved keyword

Oops. Apparently the period, which was the next character in the host name, is now an Enter key. Huh?

It worked normally on the serial console, but the prospect of not getting usable SSH sessions to the thing until I could find a window to restart it was not very inviting.

The cause of the problem is somewhat obvious in hindsight. Apparently Cisco uses a budget SSH server on the switch that essentially only has one session, and the crypto certificate 1 import put that server into a mode where the period is an Enter key.

Fix: Enter the import mode again, then immediately “period out”.

https://community.cisco.com/t5/small-business-switches/sg550x-ssh-treats-period-as-enter/m-p/3704290