Cisco Support Community

SSH Modulus issue

Hello,

I have a 3925 router Version 15.2(4)M5 which is being used for terminating a backup Internet link and will be used to SSH to the internal devices from outside in case the primary link fails.

All the internal devices are reachable from the router through SSH, but one Cisco small business switch is not reachable, with the following error:

ssh -l inat8222a 172.30.41.3

[Connection to 172.30.41.3 aborted: error status 0]

%SSH-3-INV_MOD: Invalid modulus length

ssh -l inat8222a 172.30.41.3
[Connection to 172.30.41.3 aborted: error status 0]

The following log is generated on the 3925 router after the connection fails:

%SSH-3-INV_MOD: Invalid modulus length

What needs to be changed in order to make this connection successful?

Thanks in advance.

Regards,

Anand

3 REPLIES

Anand,

can you look at

show ip ssh

on your 3925 - you should see something like this:-

#sh ip ssh

SSH Enabled - version 1.99

Authentication timeout: 15 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 1024 bits

You need to know what length the key should be set to from the SSH host you are using

http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

Regards,
Alex.
Please rate useful posts.


Hello Alex,

I can see the following on the SSH source Cisco 3925:

sh ip ssh

SSH Enabled - version 2.0

Authentication timeout: 60 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 1024 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded):

On the target Cisco sg-500 switch I can see the following:

sh ip ssh

SSH Server enabled. Port: 22

RSA key was generated.

DSA(DSS) key was generated.

SSH Public Key Authentication is disabled.

Regards,

Anand


Anand,

On your 3925 can you try adding this line to your config:-

!

ip ssh dh min size 4096

!

Regards,
Alex.
Please rate useful posts.
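
An added example, not part of any post in this thread: a small Python audit that parses IOS `show ip ssh` output of the kind quoted above and flags SSH settings worth reviewing. The 2048-bit threshold, the function names and the sample strings (constructed from the outputs in the thread) are assumptions of this example.

```python
import re

# Assumption of this example: treat Diffie-Hellman moduli below 2048 bits as weak.
MIN_DH_BITS = 2048

VERSION_RE = re.compile(r"SSH Enabled - version (\d+\.\d+)")
DH_RE = re.compile(r"Minimum expected Diffie Hellman key size\s*:\s*(\d+) bits")


def parse_show_ip_ssh(text):
    """Extract SSH version and DH minimum size from IOS 'show ip ssh' output."""
    info = {"version": None, "dh_min_bits": None}
    m = VERSION_RE.search(text)
    if m:
        info["version"] = m.group(1)
    m = DH_RE.search(text)
    if m:
        info["dh_min_bits"] = int(m.group(1))
    return info


def audit(info):
    """Return a list of findings for one parsed device."""
    findings = []
    if info["version"] is None:
        findings.append("SSH version line not found (SSH disabled or unknown format)")
    elif info["version"] != "2.0":
        # 1.99 means the device accepts both SSHv1 and SSHv2 clients.
        findings.append(f"SSH version {info['version']}: SSHv1 still accepted")
    if info["dh_min_bits"] is None:
        findings.append("DH minimum size not reported")
    elif info["dh_min_bits"] < MIN_DH_BITS:
        findings.append(f"DH minimum {info['dh_min_bits']} bits is below {MIN_DH_BITS}")
    return findings


# Constructed samples, modelled on the two IOS outputs quoted in the thread.
SAMPLE_EXPECTED = """SSH Enabled - version 1.99
Authentication timeout: 15 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits"""
SAMPLE_3925 = """SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits"""

if __name__ == "__main__":
    for name, text in (("expected", SAMPLE_EXPECTED), ("3925", SAMPLE_3925)):
        print(name, audit(parse_show_ip_ssh(text)))
```

The SG-500 output in the thread uses a different format and reports no DH size, so the parser reports both fields as missing for it rather than guessing.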
