cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3349
Views
0
Helpful
0
Comments
TCC_2
Level 10
Level 10

Core issue

The Cisco Intrusion Detection System (IDS) SSH  (Secure Shell) error message can be caused by a misconfiguration of the Public Modulus field. The RSA algorithm uses the Public Modulus to encrypt data.

What is SSH?

The Secure Shell (SSH) Protocol enables the user to login securely from remote locations over an insecure network

The SSH2 protocol provides improvements to SSH1. Few of them are mentioned below:

  • A more secure protocol.
  • With root privileges less code run is required in new design.
  • New methods for cryptography and mathematics resulting incredible improvement in Speed
  • Support for multiple public key algorithms, including DSA and Diffie-Hellman key exchange.

Resolution

To resolve this issue, verify that the SSH hosts are correctly added to the IDS configuration.

Perform these steps:

  1. In the IDS Device Manager Sensor, select Device > Sensor Setup > Known Host Keys.

    The SSH Host Keys page appears.

  2. To add known host keys, click Add.

  3. To identify the key, enter a unique ID in the ID field.

    Note: The ID should be a 1 to 256 character string that uniquely identifies the authorized key.

    Numbers, "_", and "-" are valid. Spaces are not valid.

  4. In the Key Modulus Length field, enter an ASCII decimal integer from 511 to 2048.

    The Key Modulus Length is the number of significant bits in the modulus. The strength of an Rivest, Shamir, and Adelman (RSA) key relies on the size of the modulus. The more bits the modulus has, the stronger the key.

  5. In the Public Exponent field, enter an ASCII decimal integer from 3 to 4294967296.

    The RSA algorithm uses the Public Exponent to encrypt data.

  6. In the Public Modulus field, enter an ASCII decimal integer in the range x, such that (2^ [key-modulus-length-1]) < x < (2^key-modulus-length).

    The RSA algorithm uses the Public Modulus to encrypt data.

For more information, refer to the Configuring SSH Known Host Keys section of IDS Device Manager Sensor Setup.

For help in resolving commands, refer to the ssh host-key section of the Cisco Intrusion Prevention System Command Reference 5.0

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: