Cannot ssh into cisco switch: Invalid key length

For some reason I cannot ssh into a Cisco Catalyst C3750 Switch. This is the error message that I get:

   ssh_dispatch_run_fatal: Connection to 192.168.7.6 port 22: Invalid key length

This is the SSH config that I am using:

   Host 192.168.7.6
   IdentitiesOnly yes
   KexAlgorithms=+diffie-hellman-group1-sha1

My SSH version is:

   OpenSSH_7.6p1, OpenSSL 1.1.0h-fips  27 Mar 2018

I already ran:

   crypto key generate rsa

on the switch and generated a 2048 length key, but this did not help. I also reloaded the switch.

Thanks


Solution 1:

OpenSSH refuses key lengths of less than 1024 bits starting with 7.6. https://www.openssh.com/txt/release-7.6

If you use Ubuntu, you can install openssh-client-ssh1, then use the ssh1 command instead of ssh.

   sudo apt install openssh-client-ssh1

Solution 2:

Had the same issue and it was because of a key length of 768 bits. To verify that you are really using your 2048-bit key:

   ssh-keyscan <router|switch-ip> > rkey.txt
   ssh-keygen -lf rkey.txt

This will tell you the actual key length.
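To audit several devices at once, the same check can be scripted. The following is an added example, not part of either answer: it decodes the `ssh-rsa` blobs in saved `ssh-keyscan` output, computes the modulus length (the figure `ssh-keygen -lf` reports as the key size) and flags keys below the 1024-bit minimum mentioned in Solution 1. The function names, the 192.0.2.x hosts and the sample keys are constructed for illustration.

```python
import base64

MIN_RSA_BITS = 1024  # OpenSSH 7.6 and later refuse RSA keys shorter than this


def _field(blob, off):
    """Read one length-prefixed field (RFC 4251 string or mpint) at offset off."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end


def rsa_bits(b64_blob):
    """Modulus size in bits of a base64 ssh-rsa public key blob."""
    blob = base64.b64decode(b64_blob, validate=True)
    key_type, off = _field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _exponent, off = _field(blob, off)
    modulus, _ = _field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()


def check_keyscan(text):
    """Return (host, bits, accepted) for every ssh-rsa line of keyscan output."""
    results = []
    for line in text.splitlines():
        f = line.split()
        if line.startswith("#") or len(f) < 3 or f[1] != "ssh-rsa":
            continue
        bits = rsa_bits(f[2])
        results.append((f[0], bits, bits >= MIN_RSA_BITS))
    return results


def constructed_line(host, bits):
    """Keyscan-style line around a constructed modulus (not a real key)."""
    def mpint(v):  # extra leading byte keeps the high bit clear (positive)
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return len(raw).to_bytes(4, "big") + raw
    blob = (7).to_bytes(4, "big") + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


CONSTRUCTED_SAMPLE = "\n".join(
    constructed_line(h, b) for h, b in (("192.0.2.10", 768), ("192.0.2.11", 2048)))

if __name__ == "__main__":
    print(check_keyscan(CONSTRUCTED_SAMPLE))
```

With real data, pass the contents of `rkey.txt` to `check_keyscan` instead of the constructed sample.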