07-01-2010 06:20 AM - edited 03-06-2019 11:51 AM
Due to audit purposes, I need to enable SSH version 2 instead of version 1.
But I'm seeing this error message when I try to configure version 2.
"please create RSA keys to enable SSH(of at lease 768 bits size) to enable SSH v2."
Steps that I used to enable version 2:
#no ip ssh version 1
#crypto key generate rsa
#modulus key is 1024 when prompted.
My IOS version is Version 12.2(44)SE6.
What else do I need to have SSH version 2 enabled?
07-01-2010 07:32 AM
Hi
Can you post the show version output?
Please check the name of the IOS and its version; you can use the link below to check the SSH v2 feature, whether it will support it or not.
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp --- Use Search by Technology or Search by image
If you have an IOS that supports SSHv2, then below is the config for the same.
Simply use the command in config mode.
Before using that command you have to give the domain name to your router.
i.e. ip domain-name xxxx.com
R1(config)# ip http secure-server
It will generate the crypto RSA key. (Use 1024 bit.)
And in the line vty config:
line vty 0 4
transport input ssh
Regards
Chetan Kumar
07-01-2010 07:33 AM
I believe you just need to perform these steps to set up SSH version 2 using a domain and hostname.
1. enable
2. configure terminal
3. hostname hostname
4. ip domain-name name
5. crypto key generate rsa
6. ip ssh [timeout seconds | authentication-retries integer]
7. ip ssh version 2
Check this article out if you want more details about ssh version 2.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_ssh2.html
07-01-2010 07:55 AM
07-01-2010 12:40 PM
I don't see where you actually changed it to version 2 in your first post. I see where you went back and regenerated the RSA key and removed v1 - you still have to specify the version if you haven't. If that fails, check your IOS version; however, it should support v2 since you upgraded the key to 1024 bit. Maybe change your host name? I'm reaching now...
07-01-2010 05:34 PM
The statement that SSH Enabled - version 1.99 says that it currently supports both version 1 and version 2 of SSH.
If you want to restrict it to only version 2 then try the configuration option of ip ssh version 2 again. From what is posted I believe that it should work now.
HTH
Rick
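An added example, not part of any post in this thread: a small Python audit that reads `show ip ssh` and running-config text and reports whether the device still accepts SSH v1 (the 1.99 banner explained above) and whether the prerequisites listed in the earlier replies are in place. The sample config and output are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample inputs for the demo; not output from the thread's switch.
SAMPLE_CONFIG = """\
hostname SW1
ip domain-name example.com
ip ssh version 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""
SAMPLE_SHOW_IP_SSH = "SSH Enabled - version 1.99\n"

# 1.99 = v1 and v2 accepted (as explained in the thread);
# 2.0 and 1.5 are the values IOS reports for v2-only and v1-only.
BANNER_VERSIONS = {"1.99": [1, 2], "2.0": [2], "1.5": [1]}


def ssh_versions_accepted(show_ip_ssh):
    """Return the SSH protocol versions accepted, from 'show ip ssh' output."""
    m = re.search(r"SSH Enabled - version (\d+\.\d+)", show_ip_ssh)
    return BANNER_VERSIONS.get(m.group(1), []) if m else []


def audit_config(config):
    """Return findings for the SSHv2 prerequisites listed in the thread."""
    findings = []
    if not re.search(r"^hostname \S+", config, re.M):
        findings.append("hostname not set")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("ip domain-name not set")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("ip ssh version 2 not configured")
    # Each 'line vty' block must carry exactly 'transport input ssh';
    # a block with no explicit transport input is flagged as (default).
    for blk in re.finditer(r"^line vty ([\d ]+)\n((?: .*\n?)*)", config, re.M):
        t = re.search(r"^ transport input (.+)$", blk.group(2), re.M)
        protos = t.group(1).split() if t else ["(default)"]
        if protos != ["ssh"]:
            findings.append(
                f"line vty {blk.group(1).strip()}: transport input {' '.join(protos)}")
    return findings


if __name__ == "__main__":
    print("accepted versions:", ssh_versions_accepted(SAMPLE_SHOW_IP_SSH))
    for finding in audit_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

An audit passes only when `ssh_versions_accepted` returns `[2]` and `audit_config` returns an empty list; the config line alone is not enough, since the banner is what shows the version the device actually negotiates.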
07-01-2010 07:16 PM
Is there any impact when I turn off ip http secure-server?
07-01-2010 09:28 PM
There is no impact if you turn off http secure-server (other than the fact that you will not be able to use the https GUI interface to manage your device).
HTH
Rick
07-02-2010 05:53 AM
Hi,
I have faced this same problem.
Once you configure the domain name and have also created the key,
give the command
no show ip ssh 1.99
in the global.
and give the command
#ip ssh version 2
#wr