* * * * *

                               Woo hoo, Cisco!

We finally installed a new Cisco [1] router to replace our last Riverstone
router in our network. I pre-configured the router and the replacement went
fairly smoothly.

In, out, nobody got hurt. Just how I like it.

Later on I go to log into the router (to back up the configuration):

> [spc]lucy:~>ssh core02.rt.bct.XXXXXXXXXXX
> The authenticity of host 'core02.rt.bct.XXXXXXXXXXX (XXXXXXXXXXXXXX)' can't
> be established.
> RSA key fingerprint is f0:3f:06:c8:ee:7d:40:55:38:57:a4:5c:bd:d6:81:a2.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added 'core02.rt.bct.XXXXXXXXXXX,XXXXXXXXXXXXXX' (RSA)
> to the list of known hosts.
> ssh_rsa_verify: RSA modulus too small: 512 minimum 768 bits
> [spc]lucy:~>
>

What the?

Turns out that ssh 2 requires a minimum key length of 768 bits, but Cisco
defaults to key lengths of 512 bits.

Way to go, Cisco! Woot!

To get in, I just logged into an adjacent router, then used that router's
version of ssh (which works just fine with 512-bit keys, breaking the ssh 2
standard), which allowed me to clear the existing key (crypto key zeroize
rsa) so I could regenerate a larger key.
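
An undersized host key like the one above can be spotted before the next login by measuring the RSA modulus stored in each known_hosts entry. The following is an added example, not part of the original post: it parses ssh-rsa lines and reports keys under the 768-bit minimum quoted in the error message. The host names and sample moduli are constructed placeholders, not real keys.

```python
import base64
import struct

MIN_BITS = 768  # minimum quoted in the ssh error message above

def _read_string(blob, off):
    """Read one length-prefixed SSH string; return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def rsa_modulus_bits(b64_blob):
    """Bit length of the modulus in a base64 ssh-rsa public key blob."""
    blob = base64.b64decode(b64_blob, validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _e, off = _read_string(blob, off)   # public exponent, not needed here
    n, _ = _read_string(blob, off)      # modulus as an mpint
    return int.from_bytes(n, "big").bit_length()

def weak_hosts(lines, min_bits=MIN_BITS):
    """Return [(host, bits)] for ssh-rsa entries whose modulus is too small."""
    found = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[1] != "ssh-rsa":
            continue  # comments, blank lines, other key types
        try:
            bits = rsa_modulus_bits(parts[2])
        except ValueError:
            continue  # malformed base64 or truncated blob
        if bits < min_bits:
            found.append((parts[0], bits))
    return found

def _sample_line(host, bits):
    """Constructed known_hosts line; the modulus is a placeholder, not a real key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    mp = lambda i: s(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    blob = s(b"ssh-rsa") + mp(65537) + mp((1 << (bits - 1)) | 1)
    return "%s ssh-rsa %s" % (host, base64.b64encode(blob).decode())

SAMPLE = [_sample_line("core02.example.net", 512), _sample_line("core01.example.net", 2048)]
for host, bits in weak_hosts(SAMPLE):
    print("%s: %d-bit RSA host key, below %d" % (host, bits, MIN_BITS))
```

To check a real file, pass the lines of ~/.ssh/known_hosts to weak_hosts(); hashed host entries are reported by their hash.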

[1] http://www.cisco.com/
