
SSH 2 Error

edwin.sanjoto
Level 1

Guys,
Have you ever seen this log? What does that mean?

This log appeared when I tried to connect with SSH v2 to the router with SecureCRT, and I couldn't connect to the router.

Jul 19 09:45:49.455 IND: SSH2 1:  Invalid modulus length

Thanks.

9 Replies

Panos Kampanakis
Cisco Employee

Check the key size of your crypto key on your ASA/Router. If it is 512 bits, it could explain why SecureCRT is complaining.

I hope it helps.

PK

Edwin

What version of SecureCRT are you using? And what version of IOS was on this router?

I have had the experience that recent versions of IOS have an incompatibility with some older versions of SecureCRT. I think the error message that I saw was similar to the one in your post.

HTH

Rick


Rick,

This problem was solved.

I was using SecureCRT version 3 and I've already upgraded to version 6.

I think there are 2 solutions for this ssh error:

1. Downgrade your IOS to meet the requirements of what SecureCRT supports.

2. Upgrade your SecureCRT version to meet the requirements of IOS.

And I chose solution number 2.

Hope this helps.

Edwin

Edwin

Thank you for posting back to the forum that the problem was resolved. I very much agree that the better solution is to upgrade the version of SecureCRT.

HTH

Rick


I am in the process of implementing SSH on all our network hardware. I am receiving this same error on two routers out of the several dozen I have done so far. I can connect using SecureCRT version 5 to all the routers so far except for these two. Some of the routers are 2811s and some are newer 2911s. The two that I am receiving the error message on are running c2900-universalk9-mz.SPA.150-1.M4.bin and c2900-universalk9-mz.SPA.150-1.M3.bin. The other 2911s I have are running c2900-universalk9-mz.SPA.151-4.M1.bin. I have compared the sh SSH information from both a working and a non-working router and they look basically the same. I am using the same script to enable SSH on all the hardware, so I am now wondering if there is a bug in the IOS? I have zeroized the RSA and recreated with no change. I also have noticed that the key is not listed in the config as in the working routers.

Script:

ip domain name {mydomain}

ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh version 2

crypto key generate rsa general-keys modulus 1024

line vty 0 4
no privilege level 15
login local
transport input ssh
line vty 5 15
no privilege level 15
login local
transport input ssh

working:

Phoenix_r#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDd0h7KPpDkU+aVbyBa44UFqNo7a64JXMD5
rTYj+MNIfmG+6z1av5G0Pgd9YvbsEjw1XMdMZzxOuq6537ntNSoUurn8ZbXCCGd5
EQwb6cjdpk4bnM96iobZEqGktY4yza031JtS8Wz+ts9zb5WSjnALiSq6xR2pXgCi
KDVgi3lBCw==

Phoenix_r#

non-working:

Carrollton_r#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0hG9r5Srg8mvIQlVZU2vJYakJug2OWeRp
XBq33iHki9CE3XT0mrmkH7cZegwuQ+tzyeMqSrZhNbzPFXnVadK1C9F5NI7hPnlx
8RRF7x2rgrvmTfb17MWdnNW/MLkS/d/Z8zyLyFOP4p0wGqgieZBNrj3mzr2rNkjA
sGiSlJ8Aow==

Carrollton_r#
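
Added example, not part of any post in this thread: the key-size check suggested earlier can be done directly from the `sh ip ssh` output pasted above, by decoding the SECSH blob (the `ssh-rsa` public key layout of RFC 4253) and measuring the modulus. The function names `read_field` and `rsa_key_info` are this example's own.

```python
import base64
import re
import struct

# "sh ip ssh" key sections exactly as posted in the thread above.
PHOENIX = """IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDd0h7KPpDkU+aVbyBa44UFqNo7a64JXMD5
rTYj+MNIfmG+6z1av5G0Pgd9YvbsEjw1XMdMZzxOuq6537ntNSoUurn8ZbXCCGd5
EQwb6cjdpk4bnM96iobZEqGktY4yza031JtS8Wz+ts9zb5WSjnALiSq6xR2pXgCi
KDVgi3lBCw==

Phoenix_r#"""
CARROLLTON = """IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0hG9r5Srg8mvIQlVZU2vJYakJug2OWeRp
XBq33iHki9CE3XT0mrmkH7cZegwuQ+tzyeMqSrZhNbzPFXnVadK1C9F5NI7hPnlx
8RRF7x2rgrvmTfb17MWdnNW/MLkS/d/Z8zyLyFOP4p0wGqgieZBNrj3mzr2rNkjA
sGiSlJ8Aow==

Carrollton_r#"""


def read_field(blob, off):
    """Read one RFC 4251 string/mpint: uint32 length, then that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n


def rsa_key_info(show_output):
    """Return (public exponent, modulus size in bits) of the ssh-rsa host key."""
    lines = [l.strip() for l in show_output.splitlines()]
    start = next((i for i, l in enumerate(lines) if l.startswith("ssh-rsa ")), None)
    if start is None:
        raise ValueError("no ssh-rsa key in output")
    b64 = lines[start].split(None, 1)[1]
    for l in lines[start + 1:]:          # IOS wraps the blob over several lines
        if not re.fullmatch(r"[A-Za-z0-9+/=]+", l):
            break                        # blank line or prompt ends the key
        b64 += l
    blob = base64.b64decode(b64, validate=True)
    alg, off = read_field(blob, 0)
    e, off = read_field(blob, off)
    n, off = read_field(blob, off)
    if alg != b"ssh-rsa" or off != len(blob):
        raise ValueError("not a well-formed ssh-rsa public key")
    return int.from_bytes(e, "big"), int.from_bytes(n, "big").bit_length()
```

Both keys posted in the thread decode to exponent 65537 and a 1024-bit modulus, so the host key size is the same on the working and the non-working router.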

Are you using SecureCRT as your terminal emulator? If so what version of SecureCRT are you using?

One way that you could check and see if it is a problem in SSH or in SecureCRT would be to either use some other terminal emulator on your PC (PuTTY is a commonly used emulator that does have good support for SSH) or to SSH to the problem router from some source other than your PC (SSH from one of the other routers would be the easy alternative).

HTH

Rick


I am using SecureCRT version 5 and, like I said, it is working fine on other 2911s configured with SSH. I will try to see if I can SSH between routers.

Thanks ...

Brent

A little more follow-up. It works fine if I have the router set on SSH version 1. I can use any size modulus without any issues. It is not until I go to version 2 that I start having issues with these specific routers. I guess my next step is to see if I can find any issues regarding SSH on that version?

Brent

iswift
Level 1

Edwin,

This is probably old news now, but SecureCRT released an upgrade a long time ago, though they pointed the finger at an IOS bug and non-strict adherence to the RFC.

Anyhow see,

http://forums.vandyke.com/showthread.php?t=5508

Am unable to reproduce part of that thread below, but basically I got a result in 2 ways.

1. A device was upgraded to new code for another reason and the problem went away.

2. I tried editing the SecureCRT session's .ini file, changing the Key Exchange Algorithm section, and it worked too.

CCO BugID quoted = CSCsq51052

Ian
