Re: Cant SSH to Router After Changing Modulos Size to 512

WildMan365 · ‎04-25-2018

I was SSH'd into a router & changed the the modulos size using the "crypto key generate rsa" command. After that when I try SSH with Putty I get a "connection refused" error & cant log in anymore. Any ideas?

Rob Ingram · ‎04-25-2018

Hi,
Without seeing a debug, my guess is that the router or putty is not permitting the connection because modulus size 512 is too weak. The recommended modulus for a CA key is 2048 bits, try removing the existing key using "crypto key zeroize rsa" then recreating with modulus 2048.
HTH

WildMan365 · ‎04-25-2018

I assume there is no way to do this remotely?

Hulk8647 · ‎04-25-2018

You can actually fix that remotely if you have your community read/write configured and have a software that can push the config change to the router. In my case, I use the solarwinds admin toolset. I fixed a lot of my SSH issues with it.

WildMan365 · ‎04-25-2018

I have read only. I think I'm screwed here & need to console in to fix this.

Richard Burts · ‎04-25-2018

Is your remote access on the vty restricted to only SSH, or is telnet also permitted??

HTH

Rick

HTH

Rick

WildMan365 · ‎04-25-2018

Good question. Only SSH is enabled. I should have enabled telnet temporarily when I was reconfiguring.

Richard Burts · ‎04-25-2018

If your SNMP is read only and if only SSH is permitted on vty then it looks like your only alternative is the console port.

HTH

Rick

HTH

Rick