SRX Services Gateway
SRX Services Gateway

Issues using SSH from Cisco switch to SRX

‎10-23-2012 04:48 PM

Hello all,

 

We're attempting to SSH from a Cisco 2960S to an SRX240, and are having some issues. The error we're seeing on the switch is:

 

ops-switch1#ssh -l root 10.10.10.1

[Connection to 10.10.10.1 aborted: error status 0]
ops-switch1#
*Mar 19 04:24:29.871 UTC: SSH2 CLIENT 0: Server has chosen 2056 -bit dh keys
*Mar 19 04:24:29.871 UTC: %SSH-3-INV_MOD: Invalid modulus length

 

Does anyone know what this means, exactly? And is there any way to work around this?

 

Thanks in advance,

James

 

1 REPLY 1
Highlighted
SRX Services Gateway

Re: Issues using SSH from Cisco switch to SRX

‎02-11-2019 08:24 AM

Sounds like an issue with your DH key size.

Could you try this

 

cisco(config)# ip ssh dh min size 4096

 

You could also check the minimum expected Diffie Hellman  key size running

 

#sh ip ssh           

            
SSH Enabled - version 2.0
Authentication methodsSmiley Tongueublickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits