02-23-2014 11:00 PM - edited 03-07-2019 06:22 PM
Hello,
I have a 3925 router Version 15.2(4)M5 which is being used for terminating a backup Internet link and will be used to SSH to the internal devices from outside in case the primary link fails.
All the internal devices are reachable from the router through SSH, but only one Cisco small business switch is not reachable, with the following error:
ssh -l inat8222a 172.30.41.3
[Connection to 172.30.41.3 aborted: error status 0]
The following log is generated on the 3925 router after the connection fails:
%SSH-3-INV_MOD: Invalid modulus length
What needs to be changed in order to make this connection successful?
Thanks in advance.
Regards,
Anand
02-24-2014 06:51 AM
Anand,
Can you look at
show ip ssh
on your 3925 - you should see something like this:-
#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 15 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
You need to know what length the key should be set to from the SSH host you are using.
http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html
Regards,
Alex.
Please rate useful posts.
02-24-2014 10:18 PM
Hello Alex,
I can see the following on the SSH source Cisco 3925:
sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
On the target Cisco SG-500 switch I can see the following:
sh ip ssh
SSH Server enabled. Port: 22
RSA key was generated.
DSA(DSS) key was generated.
SSH Public Key Authentication is disabled.
Regards,
Anand
02-25-2014 06:25 AM
Anand,
On your 3925 can you try adding this line to your config:-
!
ip ssh dh min size 4096
!
Regards,
Alex.
Please rate useful posts.