Error when configuring SSH version 2

Jul 1st, 2010

Due to audit purposes, I need to enable SSH version 2 instead of version 1.

But I am seeing this error message when I try to configure version 2.

"please create RSA keys to enable SSH(of at lease 768 bits size) to enable SSH v2."

Steps that I used to enable version 2:

#no ip ssh version 1

#crypto key generate rsa

#modulus key is 1024 when prompted.

My IOS version is Version 12.2(44)SE6.

What else do I need to have SSH version 2 enabled?

Alexander Deems Thu, 07/01/2010 - 07:33

I believe you just need to perform these steps to set up SSH version 2 using a domain and hostname.


1. enable

2. configure terminal

3. hostname hostname

4. ip domain-name name

5. crypto key generate rsa

6. ip ssh [timeout seconds | authentication-retries integer]

7. ip ssh version 2

Check this article out if you want more details about ssh version 2.

yeow_km Thu, 07/01/2010 - 07:55

I already have my hostname and ip domain-name configured.

When I do a show ip ssh, this is what I get.

switch# show ip ssh: 
%SYS-5-CONFIG_I: Configured from console by consoleh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3

Am I worrying about the wrong thing?

DialerString_2 Thu, 07/01/2010 - 12:40

I don't see where you actually changed it to version 2 in your first post. I see where you went back and regenerated the RSA key and removed v1 - you still have to specify the version if you haven't. If that fails, check your IOS version; however, it should support v2 since you upgraded the key to 1024 bit. Maybe change your host name? I'm reaching now..

Richard Burts Thu, 07/01/2010 - 17:34

The statement that SSH Enabled - version 1.99 says that it currently supports both version 1 and version 2 of SSH.

If you want to restrict it to only version 2 then try the configuration option of ip ssh version 2 again. From what is posted I believe that it should work now.
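
An added example, not part of any post in this thread: a Python check for the audit requirement discussed here, which parses `show ip ssh` output and passes only when the server is enabled and restricted to version 2. The function names, hostnames, and the `v2-only` and `no-keys` sample outputs are constructed for illustration; it assumes a v2-only server reports `version 2.0`.

```python
import re

# Status line of "show ip ssh"; MULTILINE lets it match even when syslog
# messages are interleaved with the command output, as in the thread.
STATUS_RE = re.compile(r"^SSH (Enabled|Disabled) - version (\d+\.\d+)", re.MULTILINE)

# First sample is the output quoted in the thread; the others are constructed.
SAMPLES = {
    "switch": (
        "%SYS-5-CONFIG_I: Configured from console by consoleh\n"
        "SSH Enabled - version 1.99\n"
        "Authentication timeout: 120 secs; Authentication retries: 3\n"
    ),
    "v2-only": (  # constructed
        "SSH Enabled - version 2.0\n"
        "Authentication timeout: 120 secs; Authentication retries: 3\n"
    ),
    "no-keys": "SSH Disabled - version 1.99\n",  # constructed
}


def audit_show_ip_ssh(output):
    """Return (compliant, reason) for one device's 'show ip ssh' output."""
    match = STATUS_RE.search(output)
    if match is None:
        return False, "no SSH status line found"
    state, version = match.groups()
    if state != "Enabled":
        return False, "SSH server is disabled"
    if version == "2.0":
        return True, "restricted to SSH v2"
    if version == "1.99":
        # 1.99 means the server still accepts v1 clients as well as v2.
        return False, "accepts both SSH v1 and v2"
    return False, "version %s is not restricted to SSH v2" % version


def noncompliant_devices(outputs):
    """Map each failing hostname to the reason it fails the audit."""
    findings = {}
    for host, text in outputs.items():
        ok, reason = audit_show_ip_ssh(text)
        if not ok:
            findings[host] = reason
    return findings


if __name__ == "__main__":
    for host, reason in sorted(noncompliant_devices(SAMPLES).items()):
        print("%s: FAIL (%s)" % (host, reason))
```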



yeow_km Thu, 07/01/2010 - 19:16

Is there any impact when I turn off ip http secure-server?

Richard Burts Thu, 07/01/2010 - 21:28

There is no impact if you turn off http secure-server (other than the fact that you will not be able to use the https GUI interface to manage your device).



thinakraj Fri, 07/02/2010 - 05:53


I have faced this same problem.

Once you configure the domain name and have also created the key,

give the command

no show ip ssh 1.99

in global configuration mode,
and give the command

#ip ssh 2


Chetan Kumar Ress Thu, 07/01/2010 - 07:32


Can you post the show version output?

Please check the name of the IOS and its version; you can use the link below to check the SSH v2 feature, whether it is supported or not.    --- Use Search by Technology or Search by image

If you have an IOS that supports SSHv2, then below is the config for the same.

Simply use the command in config mode.

Before using that command you have to give the domain name to your router.

i.e. ip domain-name

R1(config)# ip http secure-server

It will generate the Crypto RSA key. (Use 1024 bit)

and in line vty config

line vty 0 4

transport input ssh


Chetan Kumar

