Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

%SSH-3-DH_RANGE_FAIL:

Can someone please explain what this syslog message means?  Being getting this on my 3945e series routers.  My gut tells me they are caused by our Security guys scanning my routers with invalid login attempts.

%SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with maximum configured DH key on server

1 REPLY
Cisco Employee

%SSH-3-DH_RANGE_FAIL:

Hi,

The message in the logs:

"SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with maximum configured DH key on

server" on the device.

is only informational meaning "client DH key size were not the same as those available on the sever and hence the DH keys could not be exchanged." It seems that some client/server/scan is trying to access the device and credentials do not match, thus the message is generated. You can correlate if this message correspond to the valid user logn attempts or not. Possibly debug ip SSH may help to get more details.

Hope this helps,

Nik

1986
Views
0
Helpful
1
Replies
CreatePlease to create content