We're attempting to SSH from a Cisco 2960S to an SRX240, and are having some issues. The error we're seeing on the switch is:
ops-switch1#ssh -l root 10.10.10.1[Connection to 10.10.10.1 aborted: error status 0]ops-switch1#*Mar 19 04:24:29.871 UTC: SSH2 CLIENT 0: Server has chosen 2056 -bit dh keys*Mar 19 04:24:29.871 UTC: %SSH-3-INV_MOD: Invalid modulus length
Does anyone know what this means, exactly? And is there any way to work around this?
Thanks in advance,
Sounds like an issue with your DH key size.
Could you try this
cisco(config)# ip ssh dh min size 4096
You could also check the minimum expected Diffie Hellman key size running
#sh ip ssh
SSH Enabled - version 2.0Authentication methods:publickey,keyboard-interactive,passwordEncryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbcMAC Algorithms:hmac-sha1,hmac-sha1-96Authentication timeout: 120 secs; Authentication retries: 3Minimum expected Diffie Hellman key size : 1024 bits