SSH from Ciscoworks [Solaris] to 7300 router

ariesc_33 · ‎03-11-2007

Hi. I'm having this error when using SSH when connecting to routers. This is experienced only on solaris server. When putty is used. it works fine. Thanks

# ssh 10.254.12.5

ssh_rsa_verify: n too small: 512 bits

key_verify failed for server_host_key

#

Joe Clarke · ‎03-11-2007

Regenerate your crypto key on your router with a modulus larger than 512 bits. I usually use 1024:

crypto key generate

The name for the keys will be: Router

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.

How many bits in the modulus [512]:1024

ariesc_33 · ‎03-19-2007

I changed the modulus on the server instead, but same problem. Regenerating crypto on routers will require more time and might affect operation since I have 100 plus routers.

Below is what i did on the server.

# less sshd_config

# Length of the server key

# Default 768, Minimum 512

ServerKeyBits 512

# /usr/bin/ssh-keygen -b 512

Enter file in which to save the key(//.ssh/id_rsa): /etc/ssh/ssh_host_rsa_key

/etc/ssh/ssh_host_rsa_key already exists.

Overwrite(yes/no)? yes

Generating public/private rsa key pair.

Enter passphrase(empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /etc/ssh/ssh_host_rsa_key.

Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.

The key fingerprint is:

md5 512 79:64:a4:b7:0e:b7:04:01:b2:44:03:ac:c5:2f:13:78 root@SVR-MGONMS-01

# /etc/init.d/sshd stop

# /etc/init.d/sshd start

# ssh 10.254.12.5

ssh_rsa_verify: n too small: 512 bits

key_verify failed for server_host_key

any idea? Thankss

Joe Clarke · ‎03-19-2007

This doesn't do anything. You're not connecting to the Solaris sshd, you're connecting to the router's SSH server. I don't see where the OpenSSH client allows the minimum number of bits to be specified.