Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSH version 2

Good morning,

guys please help me.

Output from my router:

SSH enabled - version 1.99

When I connect to this router from my linux by command ssh username@hostname  I get 

ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

I've already issued command crypto key generate rsa with modulus 1024bits. But it doesnt help.

Please, some idea?

Thanks!

 

(I connect with command ssh -1 username@hostname)

 

 

3 REPLIES
New Member

Have you tried not using the

Have you tried not using the -1 since the change? Also when you issued crypto key generate rsa with modulus 1024bits it should have asked you to replace the current key, did you say yes?

New Member

Thanks for your reply.Yes of

Thanks for your reply.

Yes of course, I answered yes on this question and it doesnt help. I tried it after that without -1 and no change.

Still same output:

ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

New Member

Is this the procedure you

Is this the procedure you used on the router?

 

Updated procedure:

C2950T-24#conf t
Enter configuration commands, one per line. End with CNTL/Z.
C2950T-24(config)#aaa new-model
C2950T-24(config)#username myuser password 0 mypass
C2950T-24(config)#line vty 0 4
C2950T-24(config-line)#transport input telnet
C2950T-24(config-line)#transport input ssh
C2950T-24(config-line)#exit
C2950T-24(config)#ip domain-name taosecurity.com
C2950T-24(config)#cry key generate rsa
The name for the keys will be: C2950T-24.taosecurity.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
Generating RSA keys ...
[OK]

01:12:54: %SSH-5-ENABLED: SSH 1.99 has been enabled
C2950T-24(config)#ip ssh time-out 60
C2950T-24(config)#ip ssh authentication-retries 2
C2950T-24(config-line)#end

1628
Views
0
Helpful
3
Replies