8.1 : SSH version 2

Though I did the workbook exact configuration , I had ssh 1.5 as a result instead of 2.0 , can you think of why ?

 

R7#sh ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQCn6ikgcwMwN2ifgWa2rqf/kQFUZnN5+k/XsXXDjV0e
VomwDnPVVTSRBtZR2nEhPRg+Tq9EjF8F8ejB/kewfVob                                   
R7#sh ver
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.2(4)S1, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Fri 28-Sep-12 14:39 by prod_rel_team

Comments

  • Hi Yaser and All,

    Clients are able to gain access with either ssh v1 or ssh v2.



    R6(config)#ip ssh version ?

      <1-2>  Protocol version



    R6(config)#ip ssh version 2

    R6(config)#do show ip ssh

    SSH Enabled - version 2.0



    ssh server now operates in v2, only.   Turned off v1 operation.//RandyB  
  • MartinlMartinl ✭✭✭

    maybe only up to 1.5 version is supported by your ios. and not 2.0

    Randy gave u explanation. by default ios accepts multiple versions until u specify/tell which one to use.

  • See the below , it is supporting 2 , however when I do the configuration it ask about the RSA key , although I have already generated the key !! , still the show version superisingly is shoing 1.5


    R7(config)#ip ssh ve
    R7(config)#ip ssh version ?
      <1-2>  Protocol version

    R7(config)#ip ssh version 2
    Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
    R7(config)#

  • MartinlMartinl ✭✭✭

    make sure your RSA key is 768 bits; by default I think u create 512 bits.

  • Hi All,

    Here are the 5 steps I'm using:   <I recall that other ways are possible; like naming the key>

    0)  create a hostname:            hostname R1

    1)  create a domain name:      ip domain name myname.edu

    2)  generate a key:                 crypto key generate rsa modulous 768

    3)  enable ssh server:             <IOS automatically enables>

    4)  restrict to SSHv2:               ip ssh version 2

    What are the best commands to verify?  Guessing one should verify using show commands and debug commands.  As well as some "test" connections using ssh client v1 and v2.

Sign In or Register to comment.