SSH from Ciscoworks [Solaris] to 7300 router

Unanswered Question
Mar 11th, 2007
User Badges:

Hi. I'm having this error when using SSH when connecting to routers. This is experienced only on solaris server. When putty is used. it works fine. Thanks

# ssh 10.254.12.5

ssh_rsa_verify: n too small: 512 bits

key_verify failed for server_host_key

#

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Sun, 03/11/2007 - 22:25
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Regenerate your crypto key on your router with a modulus larger than 512 bits. I usually use 1024:


crypto key generate

The name for the keys will be: Router

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.


How many bits in the modulus [512]:1024

ariesc_33 Mon, 03/19/2007 - 01:46
User Badges:

I changed the modulus on the server instead, but same problem. Regenerating crypto on routers will require more time and might affect operation since I have 100 plus routers.


Below is what i did on the server.


# less sshd_config


# Length of the server key

# Default 768, Minimum 512

ServerKeyBits 512

# /usr/bin/ssh-keygen -b 512

Enter file in which to save the key(//.ssh/id_rsa): /etc/ssh/ssh_host_rsa_key

/etc/ssh/ssh_host_rsa_key already exists.

Overwrite(yes/no)? yes

Generating public/private rsa key pair.

Enter passphrase(empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /etc/ssh/ssh_host_rsa_key.

Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.

The key fingerprint is:

md5 512 79:64:a4:b7:0e:b7:04:01:b2:44:03:ac:c5:2f:13:78 [email protected]-MGONMS-01

# /etc/init.d/sshd stop

# /etc/init.d/sshd start

# ssh 10.254.12.5

ssh_rsa_verify: n too small: 512 bits

key_verify failed for server_host_key

any idea? Thankss

Joe Clarke Mon, 03/19/2007 - 08:48
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This doesn't do anything. You're not connecting to the Solaris sshd, you're connecting to the router's SSH server. I don't see where the OpenSSH client allows the minimum number of bits to be specified.

Actions

This Discussion