10-14-2010 12:50 AM - edited 03-06-2019 01:30 PM
Hello,
We have a network of more than 1000 network devices. We introduced ssh a number of years ago. At the time we used key modulus 512. We are now implementing modulus 1024 with any new devices being installed. Yesterday we installed a switch (2960 - 12.2.52SE) and generated keys etc. But when we tried to ssh to an older switch (2950 - 12.1.22EA10a) it gave the following error messages:
Server's public key below the mandatory size of 768 bits!
SSH2 CLIENT 0: signature verification failed, status -1
Zeroizing the key on the old switch and re-generating it with a higher modulus works, but is there another way? At the time when we installed the older switches it never complained about the mandatory size. Why does the command "crypto key generate" allow for a size starting at 360 bits?
Thanks
10-14-2010 04:17 AM
Hi,
RSA key size for SSH v2 is at least 768 bits.
If on one router you have version 2 and on the other one is version 1.99 you must specify the version on the other end. (higher to lower version)
For example:
ssh -l user -v 1 192.168.1.1
HTH
Dan
10-14-2010 06:52 AM
Thank you ever so much.
It is very odd. I can putty to the switch and "show ssh" gives me
connection 0 connected with version 2.0, encryption 3des-cbc
On one of the new switches it gives me:
connection 0 connected with version 2.0, encryption aes256-cbc
Putty seems to ignore the 768 bits rule.
Yes, connecting between old switches (or specifying v1 from a new switch) connects then with version 1.5. From an old switch I couldn't specify the version to choose 2 rather than default.
Thanks anyway. This is a great help. Will get the keys regenerated at some point.
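An added example, not part of the thread or of any Cisco tooling: with this many devices, one way to find the hosts that still need their keys regenerated is to audit collected SSH2 RSA host keys against the 768-bit minimum named in the error message. It assumes the keys were gathered as OpenSSH known_hosts-style lines (`host ssh-rsa <base64>`); the sample hosts and moduli below are constructed, and all function names are hypothetical.

```python
import base64
import struct

MIN_BITS = 768  # minimum named in the SSH2 client error quoted in the thread

def _read_field(blob, offset):
    """Read one RFC 4251 string/mpint field: uint32 length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[offset + 4:end], end

def rsa_modulus_bits(b64_key):
    """Return the modulus size in bits of a base64 ssh-rsa public key blob."""
    blob = base64.b64decode(b64_key, validate=True)
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key: %r" % key_type)
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    # The mpint may carry a leading 0x00 pad byte; int conversion ignores it.
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, min_bits=MIN_BITS):
    """Return (host, bits, ok) per 'host ssh-rsa <base64>' line (assumed format)."""
    results = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3 or fields[1] != "ssh-rsa":
            continue  # skip comments, blank lines and other key types
        bits = rsa_modulus_bits(fields[2])
        results.append((fields[0], bits, bits >= min_bits))
    return results

def _constructed_line(host, bits):
    """Build a sample line with a dummy modulus of the requested bit length."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1  # constructed value, not a real RSA modulus
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n_bytes)
    return "%s ssh-rsa %s" % (host, base64.b64encode(blob).decode())

# Constructed sample input: one 512-bit and one 1024-bit host key.
SAMPLE = [_constructed_line("192.0.2.10", 512),
          _constructed_line("192.0.2.11", 1024)]
```

Calling `audit(SAMPLE)` flags the 512-bit host as below the minimum and passes the 1024-bit one.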