RE: SSH question

From: Daniel Kutchin (daniel@kutchin.com)
Date: Wed Mar 11 2009 - 19:31:49 ARST


Hi -

Probably you've got the answer to your question already.

Below are my notes concerning ssh v1 and v2 (you only need to generate
a key of 768 bits or higher to enable ssh v2).

By the way, ssh v2 is v1 inclusive (i.e. you don't need to enable
v1 separately once v2 is enabled).

Let me know if you need further explanation.

<--- ssh notes --->

RACK1R2#ssh -v 2 -l rack1 1.1.7.7 <-- R2 is ssh clt
[Connection to 1.1.7.7 aborted: error status 0]
RACK1R2#Server's public key below the mandatory size of 768 bits!
*Jan 29 20:51:40.938: SSH2 CLIENT 0: signature verification failed, status -1

RACK1SW1(config)#do sh ip ssh
SSH Enabled - version 1.99 <-- this is ssh v2
Authentication timeout: 120 secs; Authentication retries: 3
RACK1SW1(config)#ip ssh ve 2
RACK1SW1(config)#
*Mar 1 05:52:29.634: SSH2 0: Unexpected mesg type received
RACK1SW1(config)#
*Mar 1 05:52:29.634: %SSH-5-SSH2_SESSION: SSH2 Session request from 1.1.2.2 (tty = 0) using crypto cipher 'aes128-cbc', hmac 'hmac-sha1' Failed <--- still cannot log in w/ v2 clt req, generate a stronger key
RACK1SW1(config)#do sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
RACK1SW1(config)#

[ Regenerate a stronger key ]

RACK1SW1(config)#cry key zeroize rsa <--- deletes key
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: yes
RACK1SW1(config)#
*Mar 1 06:01:57.677: %SSH-5-DISABLED: SSH 2.0 has been disabled
RACK1SW1(config)#do sh cry key m r
                 <---- empty
RACK1SW1(config)#
RACK1SW1(config)#cry key ge r
The name for the keys will be: RACK1SW1.rack1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024 <--- 512 generates ssh v1
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
RACK1SW1(config)#
*Mar 1 06:05:38.532: %SSH-5-ENABLED: SSH 2.0 has been enabled <--- ssh v2
RACK1SW1(config)#
RACK1SW1(config)#do sh ssh
Connection Version Mode Encryption  Hmac       State            Username
0          2.0     IN   aes128-cbc  hmac-sha1  Session started  rack1
0          2.0     OUT  aes128-cbc  hmac-sha1  Session started  rack1
%No SSHv1 server connections running.
RACK1SW1(config)#

</--- ssh notes ---->

-
Daniel

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ma59
us
Sent: Wednesday, 11 March 2009 07:15
To: ccielab@groupstudy.com
Subject: SSH question

Hi,

I have a question: SSH version 1 is supported in Cisco IOS as per the
docs, but when we do show ip ssh it shows version 2. Any idea or support?

Thanks in advance.

MA
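The two checks the thread turns on can be done from the client side without logging in to the switch: the protocol identification string the server sends on connect ("SSH-1.99-..." means it accepts both SSHv1 and SSHv2 clients, "SSH-2.0-..." means v2 only, "SSH-1.x-..." means v1 only) and the size of its RSA host key, which the IOS client above rejected because it was under 768 bits. The following is an added example, not code from the thread or from Cisco: it parses an identification string and an OpenSSH-format `ssh-rsa` host key line (as `ssh-keyscan` would print) and compares the modulus size with the 768-bit minimum quoted in the notes. The banner text and the keys it builds are constructed samples; the random moduli are not real keys, they only exercise the size check. Python standard library only.

```python
"""Added example: classify an SSH identification string and check an
ssh-rsa host key against the 768-bit SSHv2 minimum quoted in the thread."""

import base64
import secrets
import struct

# Minimum RSA modulus the IOS client in the notes demands for SSHv2
# ("Server's public key below the mandatory size of 768 bits!").
SSH2_MIN_RSA_BITS = 768


def classify_banner(banner: str) -> dict:
    """Parse an identification string such as 'SSH-1.99-Cisco-1.25'.

    protoversion 1.99 is the compatibility value a server advertises when it
    accepts both SSHv1 and SSHv2 clients; 2.0 is v2 only; 1.x is v1 only.
    """
    line = banner.strip()
    parts = line.split("-", 2)
    if parts[0] != "SSH" or len(parts) < 3:
        raise ValueError(f"not an SSH identification string: {line!r}")
    proto = parts[1]
    software = parts[2].split(" ", 1)[0]  # drop optional trailing comment
    if proto == "1.99":
        v1, v2 = True, True
    elif proto.startswith("2."):
        v1, v2 = False, True
    elif proto.startswith("1."):
        v1, v2 = True, False
    else:
        raise ValueError(f"unknown protoversion {proto!r}")
    return {"protoversion": proto, "software": software,
            "sshv1": v1, "sshv2": v2}


def _read_string(blob: bytes, offset: int):
    """Read one RFC 4251 'string' (uint32 length + bytes) from blob."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length


def rsa_modulus_bits(openssh_line: str) -> int:
    """Modulus size of an 'ssh-rsa AAAA...' public key line.

    Wire format of the blob: string "ssh-rsa", mpint e, mpint n.
    """
    fields = openssh_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected an 'ssh-rsa <base64>' line")
    blob = base64.b64decode(fields[1])
    keytype, off = _read_string(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError(f"blob key type is {keytype!r}, not ssh-rsa")
    _e, off = _read_string(blob, off)
    n, _ = _read_string(blob, off)
    # mpint is big-endian two's complement; a leading 0x00 pad byte, if
    # present, does not affect bit_length() of the positive integer.
    return int.from_bytes(n, "big").bit_length()


def ssh2_key_ok(openssh_line: str) -> bool:
    """True if the host key meets the SSHv2 minimum from the thread."""
    return rsa_modulus_bits(openssh_line) >= SSH2_MIN_RSA_BITS


# --- constructed test data (not real keys) ---------------------------------

def _mpint(value: int) -> bytes:
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:          # keep the two's-complement value positive
        raw = b"\x00" + raw
    return struct.pack(">I", len(raw)) + raw


def _string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def make_test_rsa_line(bits: int) -> str:
    """Constructed ssh-rsa line whose modulus has exactly `bits` bits.

    The modulus is random, not prime and not usable as a key; it only
    exercises the size check the way a 512- or 1024-bit IOS key would.
    """
    n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    blob = _string(b"ssh-rsa") + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()


if __name__ == "__main__":
    for b in ("SSH-1.99-Cisco-1.25", "SSH-2.0-Cisco-1.25", "SSH-1.5-Cisco-1.25"):
        print(b, "->", classify_banner(b))
    for bits in (512, 768, 1024):
        line = make_test_rsa_line(bits)
        print(f"{bits}-bit key: modulus={rsa_modulus_bits(line)} "
              f"sshv2_ok={ssh2_key_ok(line)}")
```

Against a live box the same functions take the first line returned on TCP/22 and the `ssh-rsa` line from `ssh-keyscan -t rsa <host>`; the size check is what tells you whether a "version 2.0" server will actually accept v2 clients or fail with the signature verification error seen in the notes.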



This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART