Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2848
Views
0
Helpful
2
Replies

ssh between switches not working

Go to solution
ahintzsche
Level 1
Level 1

‎10-14-2010 12:50 AM - edited ‎03-06-2019 01:30 PM

Hello,

We have a network of more than 1000 network devices. We introduced ssh a number of years ago. At the time we used key modulus 512. We are now implementing modulus 1024 with any new devices being installed. Yesterday we installed a  switch (2960 - 12.2.52SE) and generated keys etc. But when we tried to ssh to an older switch (2950 - 12.1.22EA10a) it gave the following error messages:

Server's public key below the mandatory size of 768 bits!

SSH2 CLIENT 0: signature verification failed, status -1

Zeroizing the key on the old switch and re-generating it with a higher modulus works, but is there another way? At the time when we installed the older switches it never complained about the mandatory size. Why does the command "crypto key generate" allow for a size starting at 360 bits??

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7

‎10-14-2010 04:17 AM

Hi ,

RSA keys size for SSH v2 is atleast 768 bits.

If on one router you have version 2 and on the other one is version 1.99 you must specify the version on the other end. (higher to lower version)

For example :

ssh -l user - v 1 192.168.1.1

HTH

Dan

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7

‎10-14-2010 04:17 AM

Hi ,

RSA keys size for SSH v2 is atleast 768 bits.

If on one router you have version 2 and on the other one is version 1.99 you must specify the version on the other end. (higher to lower version)

For example :

ssh -l user - v 1 192.168.1.1

HTH

Dan

0 Helpful

Go to solution
ahintzsche
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎10-14-2010 06:52 AM

Thank you ever so much.

It is very odd. I can putty to the switch and "show ssh" gives me

connection 0 connected with version 2.0, encryption 3des-cbc

On one of the new switches it gives me:

connection 0 connected with version 2.0, encryption aes256-cbc

Putty seems to ignore the 768 bits rule.

Yes, connecting between old switches (or specifying v1 from a new switch) connects then with version 1.5. From an old switch I couldn't specify the version to choose 2 rather than default.

Thanks anyway. This is a great help. Will get the keys regenerated at some point.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card