ssh_rsa_verify: RSA modulus too small: 512 (lt) minimum 768 bits

Question

ibl-r0-sw1# sh ip ssh
SSH Server enabled. Port: 22
RSA key was generated.
DSA(DSS) key was generated.

(snip)

# ssh 10.10.10.9
The authenticity of host '10.10.10.9 (10.10.10.9)' can't be established.
RSA key fingerprint is 0f:44:91:27:b2:51:65:91:c1:45:53:d0:a3:62:0b:df.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.9' (RSA) to the list of known hosts.
ssh_rsa_verify: RSA modulus too small: 512 minimum 768 bits
key_verify failed for server_host_key

According to: http://taosecurity.blogspot.com/2005/03/using-ssh-version-2-on-cisco-routers.html

You can specify the size, but the switch never asks, nor does it appear to be a command line option. How can we generate a reasonable (>1024bit) key?

~tommy

fbequet · Answer

I have the same problem with PowerConnect 5324.

SW version 2.0.0.40 ( date 16-Jan-2007 time 12:24:45 )
Boot version 1.0.2.02 ( date 23-Jul-2006 time 16:45:47 )
HW version 00.00.02

Any idea ?

Message Edited by fbequet on 10-10-2007 05:31 PM

dani2000 · Answer

I have the also same problem with PowerConnect 5324.   isn't it possible to generate a host key longer than 512 bit?   i can't connect to my switch with open ssh as long as the host key from the PC 5324 is shorter then 768 bit

TommyTheKid · Answer

You probably won't like this answer, but we decided that we would move to Force 10 Networks. I believe in solving problems with money, because thats the only thing that corporations understand. If you want our interim solution, we were able to use a Cyclades serial console to ssh in properly and just disabled the onboard SSH administration. I would welcome anyone who has a *real* answer from DELL, but that would require someone with a large support contract to get their attention.

Tommy

Message Edited by TommyTheKid on 11-29-2007 03:33 PM

vetcats · Answer

Has anyone received an answer for this problem?  I am having the same issue with the 5324 SW version 2.0.0.40 Boot version 1.0.2.02 HW version 00.00.02   Thanks Steve

georgescua · Answer

Hi

I have the same problem after I downloaded a configuration file to 5324 from TFTP server. Before the download the SSH and https servers worked fine ... after ... I can connect only with the console. After many tries to regenerate rsa and dsa keys I was able to connect via https but no luck with SSH.

maybe a Dell guy will read this subject and will give us a solution

My sw has:

SW version 2.0.0.40

Boot version 1.0.2.02

Message Edited by georgescua on 01-23-2008 06:45 PM

Networking General

ssh_rsa_verify: RSA modulus too small: 512 (lt) minimum 768 bits

Was this post helpful?