* * * * *

Woo hoo, Cisco!

We finally installed a new Cisco [1] router to replace our last Riverstone router in our network. I pre-configured the router and the replacement went fairly smoothly. In, out, nobody got hurt. Just how I like it.

Later on I go to log into the router (to back up the configuration):

> [spc]lucy:~>ssh core02.rt.bct.XXXXXXXXXXX
> The authenticity of host 'core02.rt.bct.XXXXXXXXXXX (XXXXXXXXXXXXXX)' can't
> be established.
> RSA key fingerprint is f0:3f:06:c8:ee:7d:40:55:38:57:a4:5c:bd:d6:81:a2.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added 'core02.rt.bct.XXXXXXXXXXX,XXXXXXXXXXXXXX' (RSA)
> to the list of known hosts.
> ssh_rsa_verify: RSA modulus too small: 512 minimum 768 bits
> [spc]lucy:~>

What the?

Turns out that ssh 2 requires a minimum key length of 768 bits, but Cisco defaults to key lengths of 512 bits.

Way to go, Cisco! Woot!

To get in, I just logged into an adjacent router, then used that router's version of ssh (which works just fine with 512-bit keys, breaking the ssh 2 standard), which allowed me to clear the existing key (crypto key zeroize rsa) so I could regenerate a larger key.

[1] http://www.cisco.com/

Email Sean Conner at sean@conman.org.
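A way to spot such keys before a client refuses them, as an added example that is not part of the original post: it decodes ssh-rsa entries in known_hosts format and compares each modulus size with the 768-bit minimum from the error message. The host names and key material are constructed (the moduli only have the right size and are not real keys), and `make_line` is a hypothetical helper used to build the sample.

```python
import base64
import struct

MIN_RSA_BITS = 768  # minimum quoted in the ssh_rsa_verify error in the post

def _read_string(buf, off):
    """Read one length-prefixed field: 4-byte big-endian length, then data."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def rsa_modulus_bits(blob):
    """Return the modulus size in bits of a decoded ssh-rsa public key blob."""
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key: %r" % ktype)
    _e, off = _read_string(blob, off)   # public exponent
    n, off = _read_string(blob, off)    # modulus, may carry a leading 0x00
    return int.from_bytes(n, "big").bit_length()

def audit_known_hosts(lines, minimum=MIN_RSA_BITS):
    """Return (host, bits, ok) for each plain ssh-rsa known_hosts entry."""
    results = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#") or fields[1] != "ssh-rsa":
            continue  # comments, other key types, @marker lines
        bits = rsa_modulus_bits(base64.b64decode(fields[2]))
        results.append((fields[0], bits, bits >= minimum))
    return results

def _mpint(x):
    # Positive multi-precision integer; the extra byte keeps the top bit clear.
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_line(host, bits):
    """Hypothetical helper: known_hosts line with a constructed modulus."""
    n = (1 << (bits - 1)) | 1  # right size only; not a real RSA key
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "%s ssh-rsa %s" % (host, base64.b64encode(blob).decode())

SAMPLE = [make_line("old-router.example", 512), "other.example ssh-ed25519 AAAA",
          make_line("new-router.example", 2048)]  # constructed entries

if __name__ == "__main__":
    for host, bits, ok in audit_known_hosts(SAMPLE):
        print(host, bits, "ok" if ok else "below %d bits" % MIN_RSA_BITS)
```

To audit a real file, pass `open(path)` for a known_hosts file to `audit_known_hosts`.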