Saturday, November 21, 2009
Woo hoo, Cisco!
We finally installed a new Cisco router to replace our last Riverstone router in our network. I pre-configured the router and the replacement went fairly smoothly.
In, out, nobody got hurt. Just how I like it.
Later on I go to log into the router (to back up the configuration):
[spc]lucy:~>ssh core02.rt.bct.XXXXXXXXXXX
The authenticity of host 'core02.rt.bct.XXXXXXXXXXX (XXXXXXXXXXXXXX)' can't be established.
RSA key fingerprint is f0:3f:06:c8:ee:7d:40:55:38:57:a4:5c:bd:d6:81:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'core02.rt.bct.XXXXXXXXXXX,XXXXXXXXXXXXXX' (RSA) to the list of known hosts.
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
[spc]lucy:~>
What the?
Turns out that ssh 2 requires a minimum key length of 768 bits, but Cisco defaults to key lengths of 512 bits.
Way to go, Cisco! Woot!
To get in, I just logged into an adjacent router, then used that router's version of ssh (which works just fine with 512 bit keys, breaking the ssh 2 standard), which allowed me to clear the existing key (crypto key zeroize rsa) so I could regenerate a larger key.
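One way to catch undersized host keys before a client rejects them, as an added example that is not part of the original post: it parses ssh-rsa public keys in known_hosts format and reports any modulus below the 768-bit minimum from the error above. The host names and the make_sample_key helper are constructed for illustration.

```python
import base64
import struct

MIN_BITS = 768  # minimum enforced by the ssh client in the session above

def _field(blob, off):
    """Read one length-prefixed field (RFC 4253 string/mpint) at offset off."""
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def rsa_modulus_bits(key_b64):
    """Modulus size in bits of a base64-encoded ssh-rsa public key."""
    blob = base64.b64decode(key_b64, validate=True)
    alg, off = _field(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _e, off = _field(blob, off)      # public exponent, not needed here
    n, _ = _field(blob, off)         # modulus
    return int.from_bytes(n, "big").bit_length()

def weak_hosts(known_hosts_text, min_bits=MIN_BITS):
    """Return [(host, bits)] for ssh-rsa entries whose modulus is below min_bits."""
    weak = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[1] != "ssh-rsa":
            continue  # comments, blank lines, other key types
        bits = rsa_modulus_bits(fields[2])
        if bits < min_bits:
            weak.append((fields[0], bits))
    return weak

def make_sample_key(bits):
    """Constructed sample blob with a `bits`-bit modulus (not a usable key)."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    def mpint(i):
        return field(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    n = (1 << (bits - 1)) | 1
    return base64.b64encode(field(b"ssh-rsa") + mpint(65537) + mpint(n)).decode()

# Constructed known_hosts-style input; host names are placeholders.
SAMPLE = "\n".join([
    "core02.example.net ssh-rsa " + make_sample_key(512),
    "core01.example.net ssh-rsa " + make_sample_key(2048),
])
print(weak_hosts(SAMPLE))
```

To audit real entries, pass the contents of a known_hosts file (with unhashed host names) to weak_hosts instead of SAMPLE.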