IEOC - INE's Online Community

Welcome to INE's Online Community - IEOC - a place for CCIE and CCENT candidates to connect, share, and learn. Our Online Community features CCIE forums and discussions for all tracks including Routing & Switching, Voice, Security, Service Provider, Wireless,, and Storage. Through these online communities you can discuss your questions with thousands of your peers, hundreds of CCIE's and INE's own team of world renowned CCIE instructors and authors, Brian Dennis - Quintuple CCIE #2210, Brian McGahan – Triple CCIE #8593, Petr Lapukhov - Quad CCIE #16379, and Mark Snow - Dual CCIE #14073.
Latest post 08-24-2015 2:33 AM by Randy. 5 replies.
Page 1 of 1 (6 items)
Sort Posts: Previous Next
  • 08-23-2015 2:55 AM

    8.1 : SSH version 2

    Though I did the workbook exact configuration , I had ssh 1.5 as a result instead of 2.0 , can you think of why ?


    R7#sh ip ssh
    SSH Enabled - version 1.5
    Authentication timeout: 120 secs; Authentication retries: 3
    Minimum expected Diffie Hellman key size : 1024 bits
    IOS Keys in SECSH format(ssh-rsa, base64 encoded):
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQCn6ikgcwMwN2ifgWa2rqf/kQFUZnN5+k/XsXXDjV0e
    R7#sh ver
    Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.2(4)S1, RELEASE SOFTWARE (fc1)

    Technical Support:
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Fri 28-Sep-12 14:39 by prod_rel_team

    • Post Points: 35
  • 08-23-2015 12:41 PM In reply to

    Re: 8.1 : SSH version 2

    Hi Yaser and All,

    Clients are able to gain access with either ssh v1 or ssh v2.

    R6(config)#ip ssh version ?
      <1-2>  Protocol version
    R6(config)#ip ssh version 2
    R6(config)#do show ip ssh
    SSH Enabled - version 2.0
    ssh server now operates in v2, only.   Turned off v1 operation.//RandyB  
    • Post Points: 5
  • 08-23-2015 1:43 PM In reply to

    Re: 8.1 : SSH version 2

    maybe only up to 1.5 version is supported by your ios. and not 2.0

    Randy gave u explanation. by default ios accepts multiple versions until u specify/tell which one to use.

    • Post Points: 20
  • 08-24-2015 1:30 AM In reply to

    Re: 8.1 : SSH version 2

    See the below , it is supporting 2 , however when I do the configuration it ask about the RSA key , although I have already generated the key !! , still the show version superisingly is shoing 1.5

    R7(config)#ip ssh ve
    R7(config)#ip ssh version ?
      <1-2>  Protocol version

    R7(config)#ip ssh version 2
    Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).

    • Post Points: 20
  • 08-24-2015 1:42 AM In reply to

    Re: 8.1 : SSH version 2

    make sure your RSA key is 768 bits; by default I think u create 512 bits.

    • Post Points: 20
  • 08-24-2015 2:33 AM In reply to

    Re: 8.1 : SSH version 2

    Hi All,

    Here are the 5 steps I'm using:   <I recall that other ways are possible; like naming the key>

    0)  create a hostname:            hostname R1

    1)  create a domain name:      ip domain name

    2)  generate a key:                 crypto key generate rsa modulous 768

    3)  enable ssh server:             <IOS automatically enables>

    4)  restrict to SSHv2:               ip ssh version 2

    What are the best commands to verify?  Guessing one should verify using show commands and debug commands.  As well as some "test" connections using ssh client v1 and v2.

    • Post Points: 5
Page 1 of 1 (6 items)
IEOC CCIE Forums Internetwork Expert CCIE Training
About IEOC | Terms of Use | RSS | Privacy Policy
© 2010 Internetwork Expert, Inc. All Rights Reserved