Cisco – SSH failing from Cisco routers to Dell switches


Running into two separate but probably similar issues.

First issue –

I have two Cisco 2900 Series routers on firmware v15.2(4)M4 trying to ssh into a Dell 5548P stack on firmware v4.1.0.8. All attempts fail instantly with –

router#ssh 1.2.3.4
[Connection to 1.2.3.4 aborted: error status 0]

Buffer log shows –

SSH2 CLIENT 0: Server has chosen 2056 -bit dh keys
%SSH-3-INV_MOD: Invalid modulus length

If I try to modify the DH key length on the router, attempts still fail and buffer log shows –

SSH2 CLIENT 0: Server has chosen 2056 -bit dh keys
%SSH-3-INV_MOD: Invalid modulus length
%SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with maximum configured DH key on server

SSH config on router –

SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa keystringgoeshere

SSH config on 5548P stack –

SSH Server enabled. Port: 22
RSA key was generated.
DSA(DSS) key was generated.
SSH Public Key Authentication is disabled.

There don't seem to be any in-depth settings related to the ssh server here that I can modify.

Second issue –

I have another two Cisco 2900 Series routers at a different site on firmware v15.4(3)M3 trying to ssh into a Dell N1548P stack on firmware v6.3.0.6. All attempts fail with –

router#ssh 5.6.7.8
Password:
[Connection to 5.6.7.8 aborted: error status 0]

Buffer log shows –

SSH2 CLIENT 0:  Channel open failed, reason = 1752134516

SSH config on router –

SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa keystringgoeshere

SSH config on N1548P stack –

SSH Server enabled.  Port: 22
Protocol Levels: Versions 1 and 2.
SSH Connections Currently in Use: ............. 1
Maximum number of SSH Sessions Allowed: ....... 5
SSH Session Timeout: .......................... 600
RSA key was generated.
DSA key was generated.
SSH Public Key Authentication is disabled.

In this particular scenario, if I modify the router to use SSH v1, it's able to connect. Using v2, it's not. Of course, we don't want to use v1. I haven't been able to figure out what reason "1752134516" means.

Note that I'm able to SSH into both switch stacks directly. It's only the routers that aren't able to connect.

Thanks for any help.
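As an added diagnostic example (not from the original post and not vendor code), the Python below parses the IOS buffer-log lines quoted above: it checks the server-chosen DH modulus against the client minimum and against the sizes that IOS's `ip ssh dh min size` accepts, and decodes the opaque channel-open reason code to hex, to its RFC 4254 name if it has one, and to ASCII when all four bytes are printable. The RFC 4254 reason table is real; treating a fully printable code as text that was read as an integer is only a hint, not a documented Cisco meaning, and the sample log lines are constructed from the question.

```python
import re

# Reason codes defined for SSH_MSG_CHANNEL_OPEN_FAILURE in RFC 4254, section 5.1.
RFC4254_REASONS = {
    1: "SSH_OPEN_ADMINISTRATIVELY_PROHIBITED",
    2: "SSH_OPEN_CONNECT_FAILED",
    3: "SSH_OPEN_UNKNOWN_CHANNEL_TYPE",
    4: "SSH_OPEN_RESOURCE_SHORTAGE",
}
# Modulus sizes the IOS "ip ssh dh min size" command accepts.
IOS_DH_SIZES = (1024, 2048, 4096)

DH_RE = re.compile(r"Server has chosen (\d+)\s*-bit dh keys")
REASON_RE = re.compile(r"Channel open failed, reason = (\d+)")


def decode_reason(code: int) -> dict:
    """Describe a 32-bit channel-open-failure reason code: its hex form, its
    RFC 4254 name (if any) and, when all four bytes are printable, the ASCII
    text they spell (a hint that a string field was parsed as an integer)."""
    raw = code.to_bytes(4, "big")
    text = raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None
    return {"code": code, "hex": f"0x{code:08x}",
            "rfc4254": RFC4254_REASONS.get(code), "ascii": text}


def check_dh(server_bits: int, client_min_bits: int) -> str:
    """Explain why an IOS SSH client would reject the server's DH modulus
    (assumption: a size outside IOS_DH_SIZES is what triggers %SSH-3-INV_MOD)."""
    if server_bits < client_min_bits:
        return f"server modulus {server_bits} below client minimum {client_min_bits}"
    if server_bits not in IOS_DH_SIZES:
        return f"server modulus {server_bits} is not an IOS size {IOS_DH_SIZES}"
    return "ok"


def analyse(lines, client_min_bits: int = 1024) -> list:
    """Walk IOS SSH client log lines and return (kind, finding) tuples."""
    findings = []
    for line in lines:
        if m := DH_RE.search(line):
            findings.append(("dh", check_dh(int(m.group(1)), client_min_bits)))
        elif m := REASON_RE.search(line):
            findings.append(("channel", decode_reason(int(m.group(1)))))
    return findings


# Constructed sample: the buffer-log lines quoted in the question.
SAMPLE_LOG = [
    "SSH2 CLIENT 0: Server has chosen 2056 -bit dh keys",
    "%SSH-3-INV_MOD: Invalid modulus length",
    "SSH2 CLIENT 0:  Channel open failed, reason = 1752134516",
]

if __name__ == "__main__":
    for kind, detail in analyse(SAMPLE_LOG):
        print(kind, detail)
```

For the value in the question the decoder returns hex 0x686f7374 and ASCII "host", and the code is not an RFC 4254 reason code. The 2056-bit modulus is flagged because it matches none of the sizes IOS lets you configure.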

Best Answer

Please try this command to change the size:

ip ssh dh min size 2048

Otherwise, 2048 can be changed to the modulus length you require.