FortiKoala
Staff
September 28, 2018

Technical Tip: Older Switches May Support SSH Version 1 Only


Description

 
This article explains that older switches may support SSH version 1 only, and how to configure FortiNAC to communicate with them.


Scope


FortiNAC.

 

Solution


Issue: 
Communication issues with older switches when attempting to connect using SSH v2.

Symptoms can include:
  • Failure to read tables
  • Failure to switch VLANs
  • Failure to validate credentials via the Administrative UI

To verify, attempt to connect to the switch via Network Sentry's CLI using SSH.

ssh bradford@10.250.254.31

The switch may only support SSH v1 if the following message is returned:

The authenticity of host '10.250.254.31 (10.250.254.31)' can't be established.
RSA key fingerprint is 8c:74:65:d8:f1:79:18:85:a4:7e:13:e4:40:39:e1:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.250.254.31' (RSA) to the list of known hosts.
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

Workaround: 
Specify v1 when attempting to connect.

ssh -1 bradford@10.250.254.31

A successful login prompt will be presented if the switch only supports SSH v1.
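
The same check can be made from the switch's SSH identification string, the first line an SSH server sends (RFC 4253): its version field shows which protocol versions the switch offers. This is an added example, not part of the original article; the function names, the use of `nc -w`, and the sample banners in the comments are assumptions.

```shell
#!/bin/sh
# Added example: classify a switch by its SSH identification banner.
# Constructed sample banners: "SSH-1.5-Cisco-1.25", "SSH-1.99-Cisco-1.25",
# "SSH-2.0-OpenSSH_7.4".

# classify_ssh_banner BANNER
# Prints v1-only, v1-and-v2, v2-only or unknown.
classify_ssh_banner() {
    # Banners end in CR LF on the wire; drop any carriage return.
    banner=$(printf '%s' "$1" | tr -d '\r')
    case "$banner" in
        SSH-1.99-*) echo "v1-and-v2" ;;  # 1.99 = server accepts v1 and v2 clients
        SSH-2.0-*)  echo "v2-only" ;;
        SSH-1.*-*)  echo "v1-only" ;;    # e.g. 1.3 or 1.5
        *)          echo "unknown" ;;    # empty reply or not an SSH service
    esac
}

# fetch_ssh_banner HOST [PORT]
# Prints the first line the server sends. Assumes a netcat with -w (timeout, seconds).
fetch_ssh_banner() {
    nc -w 5 "$1" "${2:-22}" </dev/null 2>/dev/null | head -n 1
}

# check_switch HOST [PORT]
# Fetches the banner and reports what it means for the device's SSH setting.
check_switch() {
    raw=$(fetch_ssh_banner "$1" "$2")
    case "$(classify_ssh_banner "$raw")" in
        v1-only)   echo "$1: SSH v1 only (banner: $raw)" ;;
        v1-and-v2) echo "$1: SSH v1 and v2 offered (banner: $raw)" ;;
        v2-only)   echo "$1: SSH v2 only (banner: $raw)" ;;
        *)         echo "$1: no SSH banner received"; return 1 ;;
    esac
}

# Run only when a host is given, e.g.: sh check_ssh.sh 10.250.254.31
if [ "$#" -gt 0 ]; then
    check_switch "$@"
fi
```

A `v1-only` result corresponds to the case where the SSH 1 protocol setting described under Solution is needed.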

Solution: Change the protocol to SSH1 in the Model Configuration of the switch.
 
  1. In the Administrative UI, navigate to Network Devices > Topology.
  2. Select the switch and select the Credentials tab, or right-click the switch and select Model Configuration.
  3. Under Protocol, select SSH 1 from the Type drop-down.
  4. Select 'APPLY'.

 

To validate, select the Credentials tab and select Validate Credentials.