Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3022
Views
0
Helpful
3
Replies

SSH Modulus issue

Anand Thakur
Level 1
Level 1

‎02-23-2014 11:00 PM - edited ‎03-07-2019 06:22 PM

Hello,

I have a 3925 router Version 15.2(4)M5 which is being used for terminating a back up Internet link and will be used to SSh the internal devices from outside in cas eht e primary link fails.

All the internal devices are reachable from the router through SSH but only a one cisco small business switch is not reachable with the following error:

ssh -l inat8222a 172.30.41.3

[Connection to 172.30.41.3 aborted: error status 0]

%SSH-3-INV_MOD: Invalid modulus length

ssh -l inat8222a 172.30.41.3
[Connection to 172.30.41.3 aborted: error status 0]

The following log is generated on the 3925 router after the connection fails:

%SSH-3-INV_MOD: Invalid modulus length

What needs to be changed in order to make this connection successful.

Thanks in advance.

Reagrds,

Anand

Labels:
0 Helpful
3 Replies 3

acampbell
VIP Alumni
VIP Alumni

‎02-24-2014 06:51 AM

Anand,

can you look at

show ip ssh

on your 3925 - you should see something like this:-

#sh ip ssh

SSH Enabled - version 1.99

Authentication timeout: 15 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 1024 bits

You need to know what length the key should be set too from

the SSH host you are using

http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.
0 Helpful

Anand Thakur
Level 1
Level 1
In response to acampbell

‎02-24-2014 10:18 PM

Hello Alex,

I can see the following on the SSH source cisco 3925:

sh ip ssh

SSH Enabled - version 2.0

Authentication timeout: 60 secs; Authentication retries: 3

Minimum expected Diffie Hellman key size : 1024 bits

IOS Keys in SECSH format(ssh-rsa, base64 encoded):

On the target cisco sg-500 switch i can see the following:

sh ip ssh

SSH Server enabled. Port: 22

RSA key was generated.

DSA(DSS) key was generated.

SSH Public Key Authentication is disabled.

Regards,

Anand

0 Helpful

acampbell
VIP Alumni
VIP Alumni
In response to Anand Thakur

‎02-25-2014 06:25 AM

Anand,

On your 3925 can you try adding this line to your config:-

!

ip ssh dh min size 4096

!

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card