Application Delivery (ADX)

Reply
Occasional Contributor
Posts: 10
Registered: ‎06-05-2010

SSH not working on ADX 4000

Hi,

I have generated RSA keys and since SSH is enabled by default it should work fine. But somehow Putty hangs when i establish the session using Putty. SecureCRT gives the following error

"Hostkey algorithm or bit size is not supported, the hostkey is corrupt, or is otherwise unusable"

Note: Error occours just by establishing session. It does not even prompt for username and password.

Deletion and re-generation of key (on ADX-4K) did not resolve the issue. Decreasing the bitsize (on ADX-4K) do not resolve this issue as well.

Can someone point out any mistake or recommendations in this scenario.

Regards,

Owais

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: SSH not working on ADX 4000

suggest you try this;

ServerIronADX(config)# crypto key zeroize rsa

ServerIronADX(config)# ip ssh key-size 896

ServerIronADX(config)# crypto key generate rsa

ServerIronADX(config)# write mem

Then test again.

Note zerosize removes the current config

Note SSH is not enable by default (using crypto key gen rsa does enable it though).

Key-size default is 768 bits

Thanks Michael

Occasional Contributor
Posts: 10
Registered: ‎06-05-2010

Re: SSH not working on ADX 4000

Well I have done this process multiple times but to no use. I have tried 512, 768 and 1024 bit length as well but still its not working.

Any other options that might help.

Regards,

Owais

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: SSH not working on ADX 4000

Ho Owais,

     1024 will not work as 896 bits is the max size.

     Did you enter the zerosize first before changing keysize?  This need to be done first I beleive.

     Other then doing as I stated the only other thing I can suggest you check is the verison of the SSH client/s you are using.

At a minimum, the following SSH clients are supported for inbound connections:

F-Secure 5.3

Secure Shell 3.2.3

SecureCRT 4.0

PuTTY 0.54

Tera Term Pro 3.1.3

OpenSSH_3.5p1

I have not had any issue setting up SSH access on Brocade devices but I have not tried on SI-4k-ADX.

Thanks

Michael.

Occasional Contributor
Posts: 11
Registered: ‎06-29-2009

Re: SSH not working on ADX 4000

Hi Owais,

Proceed as below:

1) Zeroize the key (dsa, not rsa)

ADX4000(config)#crypto key zeroize dsa
2) Re-generate the key
ADX4000(config)#crypto key generate dsa
3)Verify the key is there:
telnet@ADX4000(config)#sh run | b BEGIN
4) Try again, if it's still not working you want to engage Support and provide the following output along with a save tech.
To gather the necessary output:
ADX4000#ptrace term
debug output is now sent to this terminal
ADX4000#ptrace aaa
specified trace was turned ON

ADX4000#debug ip ssh
          SSH:  debugging is on
ADX4000#debug destination console

5) Try to ssh using both putty and SecureCRT

Salvo

Occasional Contributor
Posts: 10
Registered: ‎06-05-2010

Re: SSH not working on ADX 4000

Hi Salvo,

You were spot on.

But this is strange. Brocade Admin guide mentions to generate rsa keys but instead generating dsa keys resolved the issue

Thanks alot.

Regards,

Owais

Occasional Contributor
Posts: 11
Registered: ‎06-29-2009

Re: SSH not working on ADX 4000

Hi Owais,

You're right. The documentation is misleading however that should change soon as they're working on the documentation.

A bit of history:

For JetCore ServerIron, prior to 9.5.02a, when SI supported only SSHv1 "crypto key generate rsa" was the correct method to enable the software's SSH server capability.
Starting in 9.5.02a, support for SSHv1 has been deprecated and SI only supports SSHv2, both for SSH CLI and SCP copying of SSL certificatess and keys.
Since then "crypto key generate dsa" has been the only method of enabling SSH service.
"crypto key generate rsa" is still needed for GSLB communication.

/Salvo

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook