SSH Problem - Need urgent help

gajanangavli · ‎03-27-2008

ssh configured on router

by following command

ip domain name

hostname

crypto key generate rsa

1024

while logging by ssh

it shows some message like

rsa fingerprint nc.ht.------

---------------------------connect yes/no ?

should i proceed or varify the key ?

if varify then how it should.

i-kendall · ‎03-28-2008

Proceed - on the first connection the key is pushed by the router to the client, so they can both encrypt and decrypt the traffic (the secure bit of ssh). The next time you connect you should not see this message, as the client usually caches this. You usually don't need to do anything else like install keys manually, the cline does this for you. I tend to use Putty for SSH, it seems to work fine with no drawbacks.

Hope this helps.

gajanangavli · ‎03-28-2008

Thanks

i have another problem for ssh - router

after pusshing the command

crypto key generate rsa

1024

ip ssh version 2

it again ask for

generate the rsa key

is there any problem with IOS bug ?

for another router while logging every time message is like

the first cipher suported by server is single-des , which is below -----

do you want to continue with this connection.

Kindly suggest in both cases what i should do?

i-kendall · ‎03-28-2008

Just tried it on mt 831 and it works fine. I am running 12.3(2)XE4, so maybe it is a version issue.

First though, try removing the key and re-generating it. Do a crypto key zeroize rsa command and try again. If it is still the same, I think you should try a newer version of the IOS.

I am guessing, but I think the second router has too small a key modulus. Try to remove the key, and regenerate it. If it is the same, try new IOS.

I don't play with SSH too much, just usually set up, restrict access to the vty to just SSH, and forget it. So I am not sure the above is correct, but it is a good place to start.