
Error when configuring SSH version 2

yeow_km
Level 1

Due to audit purposes, I need to enable SSH version 2 instead of version 1.

But I'm seeing this error message when I tried to configure version 2.

"please create RSA keys to enable SSH(of at lease 768 bits size) to enable SSH v2."

Steps that I used to enable version 2:

#no ip ssh version 1

#crypto key generate rsa

#modulus key is 1024 when prompted.

My IOS version is Version 12.2(44)SE6.

What else do I need to have SSH version 2 enabled?


Hi

Can you post the show version output.

Please check the name on IOS & version, and you can use the link below to check the SSH v2 feature, whether it will support it or not.

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp    --- Use Search by Technology or Search by image

If you have an IOS that supports SSHv2, then below is the config for the same.

Simply use the command in config mode.

Before using that command you have to give the domain name to your router.

i.e. ip domain-name xxxx.com

R1(config)# ip http secure-server

It will generate the crypto RSA key. (Use 1024 bit.)

and in line vty config

line vty 0 4

transport input ssh

Regards

Chetan Kumar

Alexander Deems
Level 1

I believe you just need to perform these steps to setup ssh version 2 using a domain and hostname.

SUMMARY STEPS

1. enable

2. configure terminal

3. hostname hostname

4. ip domain-name name

5. crypto key generate rsa

6. ip ssh [timeout seconds | authentication-retries integer]

7. ip ssh version 2

Check this article out if you want more details about ssh version 2.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_ssh2.html

I already have my hostname and ip domain-name configured.

When I do a show ip ssh, this is what I get.

switch# show ip ssh: 
%SYS-5-CONFIG_I: Configured from console by consoleh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3

Am I worrying about the wrong thing?

I don't see where you actually changed it to version 2 in your first post. I see where you went back and regenerated the RSA key and removed v1 - you still have to specify the version if you haven't. If that fails, check your IOS version; however, it should support v2 since you upgraded the key to 1024 bit. Maybe change your host name? I'm reaching now..

The statement that SSH Enabled - version 1.99 says that it currently supports both version 1 and version 2 of SSH.

If you want to restrict it to only version 2 then try the configuration option of ip ssh version 2 again. From what is posted I believe that it should work now.

HTH

Rick
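
An added example, not part of the original thread: a small Python audit check that reads `show ip ssh` output and a running-config and reports whether the device is restricted to SSHv2, using the 1.99 version string explained above. The function name, the sample config and the example.com domain are assumptions made for illustration.

```python
import re

# Version strings printed by `show ip ssh` and what each one means.
VERSION_MEANING = {"1.5": "SSHv1 only",
                   "1.99": "SSHv1 and SSHv2 both accepted",
                   "2.0": "SSHv2 only"}

def audit_ssh(show_ip_ssh, running_config):
    """Return a list of findings; an empty list means SSHv2-only is enforced."""
    findings = []
    m = re.search(r"SSH Enabled - version (\d+\.\d+)", show_ip_ssh)
    if not m:
        findings.append("SSH not enabled: no 'SSH Enabled - version' line")
    elif m.group(1) != "2.0":
        meaning = VERSION_MEANING.get(m.group(1), "unknown version string")
        findings.append(f"show ip ssh reports {m.group(1)}: {meaning}")
    if not re.search(r"^ip ssh version 2\s*$", running_config, re.M):
        findings.append("'ip ssh version 2' missing from running-config")
    # Collect the 'transport input' setting under each 'line vty' block.
    current, vty = None, {}
    for line in running_config.splitlines():
        if not line.startswith(" "):          # unindented line starts a new block
            current = line.strip() if line.startswith("line vty") else None
            if current:
                vty[current] = None
        elif current and line.strip().startswith("transport input"):
            vty[current] = line.split()[2:]
    for name, protos in vty.items():
        if protos != ["ssh"]:                 # unset or extra protocols are flagged
            shown = " ".join(protos) if protos else "not set"
            findings.append(f"{name}: transport input is {shown}, expected ssh")
    return findings

# Constructed samples: the 1.99 line is the one quoted in the thread; the
# config text and the example.com domain are made up for illustration.
SHOW_BEFORE = ("SSH Enabled - version 1.99\n"
               "Authentication timeout: 120 secs; Authentication retries: 3\n")
CONFIG_BEFORE = ("hostname switch\nip domain-name example.com\n"
                 "line vty 0 4\n transport input telnet ssh\n")
SHOW_AFTER = SHOW_BEFORE.replace("1.99", "2.0")
CONFIG_AFTER = "ip ssh version 2\n" + CONFIG_BEFORE.replace("telnet ssh", "ssh")

if __name__ == "__main__":
    for finding in audit_ssh(SHOW_BEFORE, CONFIG_BEFORE):
        print("FINDING:", finding)
    print("after fix:", audit_ssh(SHOW_AFTER, CONFIG_AFTER) or "clean")
```
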

Is there any impact when I turn off ip http secure-server?

There is no impact if you turn off http secure-server (other than the fact that you will not be able to use the https GUI interface to manage your device).

HTH

Rick

Hi

I have faced this same problem.

Once you configure the domain name and have also created the key,

give the command

no show ip ssh 1.99

in the global.
And give the command

#ip ssh version 2

#wr