Friday, March 4, 2011

How to fix this ssh error from a Cisco switch: ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits

Problem

ssh user@cisco_switch
returns:
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

Solution

The modulus of the SSH RSA key pair on the switch is too small, so the client refuses to verify the switch's host key. If you have access, generate a new key pair on the switch with a larger modulus.

Procedure

  1. Log in with ssh protocol version 1 (ssh space dash one):
    ssh -1 user@cisco_switch
  2. (On the switch):
    enable
  3. (On the switch): Authenticate to "Privileged Exec Mode" on the switch.
  4. (On the switch):
    conf t
  5. (On the switch):
    crypto key generate rsa general-keys modulus 1024
  6. (On the switch): Press Enter to accept that the current key pair for the switch will be replaced.

You should now be able to log into the switch with ssh protocol version 2.
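
To find other switches that still present an undersized RSA host key, the following added example (not part of the original post) reads lines in known_hosts / ssh-keyscan format, decodes each ssh-rsa public key blob and reports its modulus size against the 768-bit minimum from the error above. The host names and keys are constructed sample data, and the function names are this example's own.

```python
import base64

MIN_BITS = 768  # minimum quoted in the client's error message on this page

def _read_field(blob, off):
    """Read one length-prefixed field (uint32 big-endian length, then data)."""
    size = int.from_bytes(blob[off:off + 4], "big")
    end = off + 4 + size
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def rsa_modulus_bits(b64_key):
    """Return the modulus size in bits of a base64 'ssh-rsa' public key blob."""
    blob = base64.b64decode(b64_key, validate=True)
    ktype, off = _read_field(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _exponent, off = _read_field(blob, off)   # public exponent e comes first
    modulus, off = _read_field(blob, off)     # then the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, min_bits=MIN_BITS):
    """Return (host, bits, ok) for each ssh-rsa line in known_hosts format."""
    results = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[1] != "ssh-rsa":
            continue  # comments, blank lines and other key types
        bits = rsa_modulus_bits(parts[2])
        results.append((parts[0], bits, bits >= min_bits))
    return results

def _constructed_line(host, bits):
    """Build a sample line with a constructed (non-functional) modulus."""
    def field(b): return len(b).to_bytes(4, "big") + b
    def mpint(i): return field(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    n = (1 << (bits - 1)) | 1  # constructed value, not a real RSA modulus
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed sample input standing in for ssh-keyscan output.
SAMPLE = [_constructed_line("switch-a.example", 512),
          _constructed_line("switch-b.example", 1024)]

if __name__ == "__main__":
    for host, bits, ok in audit(SAMPLE):
        print(f"{host}: {bits}-bit RSA host key {'ok' if ok else 'TOO SMALL'}")
```
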