Friday, March 4, 2011

How to fix this ssh error from a Cisco switch: ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits

Problem

ssh user@cisco_switch
returns:
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

Solution

The modulus of the ssh RSA key pair on the switch is too small. If you have access, generate a new key pair on the switch with a larger modulus.

Procedure

  1. Login with ssh protocol version 1 (ssh space dash one):
    ssh -1 user@cisco_switch
  2. (On the switch):
    enable
  3. (On the switch): Authenticate to "Privileged Exec Mode" mode on the switch.
  4. (On the switch):
    conf t
  5. (On the switch):
    crypto key generate rsa general-keys modulus 1024
  6. (On the switch): Press enter to accept that the current key pair for the switch will be replaced.
You now should be able to log into the switch with ssh protocol version 2.

No comments:

Post a Comment