SSH from Ciscoworks [Solaris] to 7300 router

Unanswered Question
Mar 11th, 2007

Hi. I'm having this error when using SSH when connecting to routers. This is experienced only on solaris server. When putty is used. it works fine. Thanks

# ssh 10.254.12.5

ssh_rsa_verify: n too small: 512 bits

key_verify failed for server_host_key

#

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Sun, 03/11/2007 - 22:25

Regenerate your crypto key on your router with a modulus larger than 512 bits. I usually use 1024:

crypto key generate

The name for the keys will be: Router

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.

How many bits in the modulus [512]:1024

ariesc_33 Mon, 03/19/2007 - 01:46

I changed the modulus on the server instead, but same problem. Regenerating crypto on routers will require more time and might affect operation since I have 100 plus routers.

Below is what i did on the server.

# less sshd_config

# Length of the server key

# Default 768, Minimum 512

ServerKeyBits 512

# /usr/bin/ssh-keygen -b 512

Enter file in which to save the key(//.ssh/id_rsa): /etc/ssh/ssh_host_rsa_key

/etc/ssh/ssh_host_rsa_key already exists.

Overwrite(yes/no)? yes

Generating public/private rsa key pair.

Enter passphrase(empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /etc/ssh/ssh_host_rsa_key.

Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.

The key fingerprint is:

md5 512 79:64:a4:b7:0e:b7:04:01:b2:44:03:ac:c5:2f:13:78 root@SVR-MGONMS-01

# /etc/init.d/sshd stop

# /etc/init.d/sshd start

# ssh 10.254.12.5

ssh_rsa_verify: n too small: 512 bits

key_verify failed for server_host_key

any idea? Thankss

Joe Clarke Mon, 03/19/2007 - 08:48

This doesn't do anything. You're not connecting to the Solaris sshd, you're connecting to the router's SSH server. I don't see where the OpenSSH client allows the minimum number of bits to be specified.

Actions

This Discussion