02-01-2011 02:53 AM
I have generated RSA keys and since SSH is enabled by default it should work fine. But somehow Putty hangs when i establish the session using Putty. SecureCRT gives the following error
"Hostkey algorithm or bit size is not supported, the hostkey is corrupt, or is otherwise unusable"
Note: Error occours just by establishing session. It does not even prompt for username and password.
Deletion and re-generation of key (on ADX-4K) did not resolve the issue. Decreasing the bitsize (on ADX-4K) do not resolve this issue as well.
Can someone point out any mistake or recommendations in this scenario.
02-01-2011 03:16 AM
suggest you try this;
ServerIronADX(config)# crypto key zeroize rsa
ServerIronADX(config)# ip ssh key-size 896
ServerIronADX(config)# crypto key generate rsa
ServerIronADX(config)# write mem
Then test again.
Note zerosize removes the current config
Note SSH is not enable by default (using crypto key gen rsa does enable it though).
Key-size default is 768 bits
02-01-2011 03:36 AM
Well I have done this process multiple times but to no use. I have tried 512, 768 and 1024 bit length as well but still its not working.
Any other options that might help.
02-01-2011 03:44 AM
1024 will not work as 896 bits is the max size.
Did you enter the zerosize first before changing keysize? This need to be done first I beleive.
Other then doing as I stated the only other thing I can suggest you check is the verison of the SSH client/s you are using.
At a minimum, the following SSH clients are supported for inbound connections:
• F-Secure 5.3
• Secure Shell 3.2.3
• SecureCRT 4.0
• PuTTY 0.54
• Tera Term Pro 3.1.3
I have not had any issue setting up SSH access on Brocade devices but I have not tried on SI-4k-ADX.
02-02-2011 03:57 AM
Proceed as below:
1) Zeroize the key (dsa, not rsa)
5) Try to ssh using both putty and SecureCRT
02-02-2011 10:14 PM
You were spot on.
But this is strange. Brocade Admin guide mentions to generate rsa keys but instead generating dsa keys resolved the issue
02-03-2011 09:41 AM
You're right. The documentation is misleading however that should change soon as they're working on the documentation.
A bit of history: