SSH version 2

usskenet · ‎08-06-2014

Good morning,

guys please help me.

Output from my router:

SSH enabled - version 1.99

When I connect to this router from my linux by command ssh username@hostname I get

ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

I've already issued command crypto key generate rsa with modulus 1024bits. But it doesnt help.

Please, some idea?

Thanks!

(I connect with command ssh -1 username@hostname)

josephsmar1 · ‎08-06-2014

Have you tried not using the -1 since the change? Also when you issued crypto key generate rsa with modulus 1024bits it should have asked you to replace the current key, did you say yes?

usskenet · ‎08-06-2014

Thanks for your reply.

Yes of course, I answered yes on this question and it doesnt help. I tried it after that without -1 and no change.

Still same output:

ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

josephsmar1 · ‎08-06-2014

Is this the procedure you used on the router?

Updated procedure:

C2950T-24#conf t
Enter configuration commands, one per line. End with CNTL/Z.
C2950T-24(config)#aaa new-model
C2950T-24(config)#username myuser password 0 mypass
C2950T-24(config)#line vty 0 4
C2950T-24(config-line)#transport input telnet
C2950T-24(config-line)#transport input ssh
C2950T-24(config-line)#exit
C2950T-24(config)#ip domain-name taosecurity.com
C2950T-24(config)#cry key generate rsa
The name for the keys will be: C2950T-24.taosecurity.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
Generating RSA keys ...
[OK]

01:12:54: %SSH-5-ENABLED: SSH 1.99 has been enabled
C2950T-24(config)#ip ssh time-out 60
C2950T-24(config)#ip ssh authentication-retries 2
C2950T-24(config-line)#end