08-08-2011 03:00 AM
Hi,
I've seen quite a lot of posts regarding SSH issues and the above SSH error. However, the fix mainly involves upgrading clients, but in this instance the clients are Cisco routers 3845 / 2811 - which we use for out and inband management.
Connectivity / routing etc is proven. Using SSH v2 the actual 6500 chassis where the ACE is physically located works fine. Configuring SSH v1 on the ACE module allows connections via the 3845/2811s but we cannot use this.
Both have the following IOS Version 12.4(24)T4. I have tried various key sizes on the ACE module.
The SSH debug is:
Aug 8 09:44:00.755: SSH2 CLIENT 2: SSH2_MSG_KEXINIT sent
Aug 8 09:44:00.767: SSH2 CLIENT 2: ssh_receive: 536 bytes received
Aug 8 09:44:00.767: SSH2 CLIENT 2: input: total packet length of 776 bytes
Aug 8 09:44:00.767: SSH2 CLIENT 2: partial packet length(block size)8 bytes,needed 768 bytes, maclen 0
Aug 8 09:44:00.767: SSH2 CLIENT 2: ssh_receive: 240 bytes received
Aug 8 09:44:00.767: SSH2 CLIENT 2: partial packet length(block size)8 bytes,needed 768 bytes, maclen 0
Aug 8 09:44:00.767: SSH2 CLIENT 2: input: padlength 10 bytes
Aug 8 09:44:00.767: SSH2 CLIENT 2: SSH2_MSG_KEXINIT received
Aug 8 09:44:00.767: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1
Aug 8 09:44:00.767: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1
Aug 8 09:44:00.767: SSH2 CLIENT 2: send:packet of length 24 (length also includes padlen of 6)
Aug 8 09:44:00.767: SSH2 CLIENT 2: SSH2_MSG_KEX_DH_GEX_REQUEST sent
Aug 8 09:44:00.767: SSH2 CLIENT 2: Range sent- 1024 < 2048 < 4096
Aug 8 09:44:00.859: SSH2 CLIENT 2: ssh_receive: 424 bytes received
Aug 8 09:44:00.863: SSH2 CLIENT 2: input: total packet length of 424 bytes
Aug 8 09:44:00.863: SSH2 CLIENT 2: partial packet length(block size)8 bytes,needed 416 bytes, maclen 0
Aug 8 09:44:00.863: SSH2 CLIENT 2: input: padlength 10 bytes
Aug 8 09:44:00.863: SSH2 CLIENT 2: SSH2_MSG_KEX_DH_GEX_GROUP received
Aug 8 09:44:00.863: SSH2 CLIENT 2:
Invalid modulus length
Is there a fix for this issue?
Many thanks for any tips/advice.
08-17-2011 09:56 PM
Moved this discussion to Data centre community for quicker response.
Regards,
Pulkit Nagpal
Community Manager- R&S
08-18-2011 04:41 AM
What is the ssh key size that you have on the ACE? For this just have a look at the "sh ssh key" command output.
Olivier
09-02-2011 07:30 AM
Hi,
I've tried 768, 1024 and 2048 and all report the same issue. Currently the key is set to 2048.
Cheers
10-12-2011 06:17 AM
I've now tried a new version of the code in case it was a bug (12.4(24)T6) and various key sizes (768, 1024, 2048, 4096) but to no avail.
Oct 12 13:16:26.435: SSH CLIENT0: protocol version id is - SSH-2.0-OpenSSH_5.2
Oct 12 13:16:26.435: SSH CLIENT0: sent protocol version id SSH-2.0-Cisco-1.25
Oct 12 13:16:26.435: SSH CLIENT0: protocol version exchange successful
Oct 12 13:16:26.435: SSH2 CLIENT 0: SSH2_MSG_KEXINIT sent
Oct 12 13:16:26.447: SSH2 CLIENT 0: SSH2_MSG_KEXINIT received
Oct 12 13:16:26.447: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1
Oct 12 13:16:26.447: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1
Oct 12 13:16:26.447: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_REQUEST sent
Oct 12 13:16:26.447: SSH2 CLIENT 0: Range sent- 1024 < 2048 < 4096
Oct 12 13:16:26.535: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_GROUP received
Oct 12 13:16:26.535: SSH2 CLIENT 0:
Invalid modulus length
Oct 12 13:16:26.535: SSH CLIENT0: key exchange failure (code = 0)
Oct 12 13:16:26.535: SSH CLIENT0: Session disconnected - error 0x00
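For diagnosing a rejected group like the one in the debug output above, the following added example (not part of any post in this thread, and not Cisco or OpenSSH code) parses an SSH2_MSG_KEX_DH_GEX_GROUP payload as laid out in RFC 4419 and compares the modulus size with the range the client requested ("Range sent- 1024 < 2048 < 4096"). The function names and the sample moduli are constructed for illustration, and the checks shown are the generic RFC ones, not a statement of what IOS tests internally.

```python
import struct

SSH_MSG_KEX_DH_GEX_GROUP = 31  # message number from RFC 4419


def read_mpint(buf, off):
    """Decode an SSH mpint (RFC 4251): uint32 length + big-endian bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated mpint length")
    (n,) = struct.unpack_from(">I", buf, off)
    raw = buf[off + 4:off + 4 + n]
    if len(raw) != n:
        raise ValueError("truncated mpint body")
    if raw and raw[0] & 0x80:
        raise ValueError("negative mpint")
    return int.from_bytes(raw, "big"), off + 4 + n


def write_mpint(value):
    """Encode a non-negative int as an mpint (0x00 prefix if the top bit is set)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big") if value else b""
    return struct.pack(">I", len(raw)) + raw


def check_gex_group(payload, min_bits, max_bits):
    """Parse a GEX_GROUP payload and apply the client-side sanity checks."""
    if not payload or payload[0] != SSH_MSG_KEX_DH_GEX_GROUP:
        raise ValueError("not an SSH2_MSG_KEX_DH_GEX_GROUP payload")
    p, off = read_mpint(payload, 1)
    g, off = read_mpint(payload, off)
    bits = p.bit_length()
    return {
        "modulus_bits": bits,
        "in_requested_range": min_bits <= bits <= max_bits,
        "modulus_odd": p % 2 == 1,
        "generator_ok": 1 < g < p - 1,
        "trailing_bytes": len(payload) - off,
    }


def sample_payload(bits, g=2):
    """Constructed payload: an odd number of the given size, not a real prime."""
    p = (1 << (bits - 1)) | 1
    return bytes([SSH_MSG_KEX_DH_GEX_GROUP]) + write_mpint(p) + write_mpint(g)


if __name__ == "__main__":
    for size in (2048, 2047, 8192):
        print(size, check_gex_group(sample_payload(size), 1024, 4096))
```

Feeding it the decrypted payload bytes from a packet capture of the failing session shows the exact bit length of the modulus the server offered, which can then be compared with what each client accepts.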