The Cisco Intrusion Detection System (IDS) SSH (Secure Shell) error message can be caused by a misconfiguration of the Public Modulus field. The RSA algorithm uses the Public Modulus to encrypt data.
What is SSH?
The Secure Shell (SSH) protocol enables the user to log in securely from remote locations over an insecure network.
The SSH2 protocol provides improvements over SSH1. A few of them are listed below:
A more secure protocol.
Less code runs with root privileges in the new design.
New methods for cryptography and mathematics, resulting in an incredible improvement in speed.
Support for multiple public key algorithms, including DSA and Diffie-Hellman key exchange.
To resolve this issue, verify that the SSH hosts are correctly added to the IDS configuration.
Perform these steps:
In the IDS Device Manager Sensor, select Device > Sensor Setup > Known Host Keys.
The SSH Host Keys page appears.
To add known host keys, click Add.
To identify the key, enter a unique ID in the ID field.
Note: The ID should be a 1 to 256 character string that uniquely identifies the authorized key. Numbers, "_", and "-" are valid. Spaces are not valid.
In the Key Modulus Length field, enter an ASCII decimal integer from 511 to 2048.
The Key Modulus Length is the number of significant bits in the modulus. The strength of a Rivest, Shamir, and Adleman (RSA) key relies on the size of the modulus. The more bits the modulus has, the stronger the key.
In the Public Exponent field, enter an ASCII decimal integer from 3 to 4294967296.
The RSA algorithm uses the Public Exponent to encrypt data.
In the Public Modulus field, enter an ASCII decimal integer x such that 2^(key-modulus-length - 1) < x < 2^(key-modulus-length).
The RSA algorithm uses the Public Modulus to encrypt data.
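The field ranges in the steps above can be checked before the values are entered on the Known Host Keys page. The following Python is an added example, not Cisco code; the function name check_known_host_key, the sample ID and the constructed modulus are assumptions made for illustration.

```python
"""Added example: pre-check the Known Host Keys fields against the ranges
stated in the steps above. All names here are hypothetical."""


def _ascii_decimal(text):
    """Return int(text) if text is a plain ASCII decimal integer, else None."""
    text = text.strip()
    return int(text) if text.isascii() and text.isdigit() else None


def check_known_host_key(key_id, modulus_length, public_exponent, public_modulus):
    """Return {field name: problem} for every field that breaks a stated rule."""
    problems = {}

    # ID: 1 to 256 characters, spaces are not valid.
    if not 1 <= len(key_id) <= 256 or any(c.isspace() for c in key_id):
        problems["ID"] = "must be 1 to 256 characters with no spaces"

    bits = _ascii_decimal(modulus_length)
    if bits is None or not 511 <= bits <= 2048:
        problems["Key Modulus Length"] = "must be a decimal integer from 511 to 2048"
        bits = None  # the modulus range cannot be checked without a valid length

    exponent = _ascii_decimal(public_exponent)
    if exponent is None or not 3 <= exponent <= 4294967296:
        problems["Public Exponent"] = "must be a decimal integer from 3 to 4294967296"

    modulus = _ascii_decimal(public_modulus)
    if modulus is None:
        problems["Public Modulus"] = "must be an ASCII decimal integer"
    elif bits is not None and not (1 << (bits - 1)) < modulus < (1 << bits):
        # bit_length() reports how long the pasted value really is, which
        # exposes a truncated or partially pasted modulus.
        problems["Public Modulus"] = (
            f"is outside 2^{bits - 1} < x < 2^{bits}; "
            f"the value has {modulus.bit_length()} significant bits"
        )
    return problems


# Constructed sample value with exactly 1024 significant bits (not a real key).
SAMPLE_MODULUS = str((1 << 1023) + 12345)

if __name__ == "__main__":
    print(check_known_host_key("mgmt-host_01", "1024", "65537", SAMPLE_MODULUS))
    # Same modulus with its last three digits lost during copy and paste.
    print(check_known_host_key("mgmt-host_01", "1024", "65537", SAMPLE_MODULUS[:-3]))
```

A modulus that loses digits during copy and paste no longer matches the Key Modulus Length, which is the Public Modulus misconfiguration described at the top of this page.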