I upgraded my Strawberry Perl to 5.24 and my GNS3 test lab for SSH access via CRAPPS suddenly didn't work.
Knowing the Perl version changed, I checked and the Net::SSH2 version changed (0.58 to 0.63). Troubleshooting was pretty easy - just a quick Perl script to open a connection and die on failure with error:
#!perl
use strict;
use warnings;
use Net::SSH2;

my $ssh2 = Net::SSH2->new();
$ssh2->connect('10.254.254.1') or $ssh2->die_with_error;
print "Success\n";
The error was: Unable to exchange encryption keys (-8 LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE). OK, so I said troubleshooting was easy ... the solution ... maybe not so much?
I figured it was a key exchange error (obviously), but how to go about fixing it? Was it a bug in Net::SSH2 XS code? I turned on debugging on the router:
R1# debug ip ssh
I tried to connect again and got a flood of debug info, the most useful being the last few lines:
May 4 22:06:06.987: SSH2 1: Invalid modulus length
May 4 22:06:06.991: SSH2: Session disconnected - error 0x00
A bit of Google magic and I found I should set the Diffie–Hellman minimum size larger, so I tried:
R1# config term
R1(config)# ip ssh dh min size 2048
It worked! Connections now worked with the new Net::SSH2 version, but would this break the old one? I switched to an older version of Perl installed on my system with Net::SSH2 0.58 and tried. It too worked! I'll keep the DH 2048 minimum size in my default configuration from now on.
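To see which key exchange methods a router accepts before and after a change like the one above, the client's offer can be restricted to one method per connection attempt. The script below is an added example, not part of the original post; it assumes the lab address used in the post, and the method names are libssh2's, so which of them are available depends on the libssh2 build behind Net::SSH2.

```perl
#!perl
use strict;
use warnings;
use Net::SSH2;

# Assumption: the lab router from the post; pass another host as the first argument.
my $host = shift // '10.254.254.1';

# Key exchange names libssh2 may offer (availability depends on the build).
my @kex = qw(
    diffie-hellman-group1-sha1
    diffie-hellman-group14-sha1
    diffie-hellman-group-exchange-sha1
    diffie-hellman-group-exchange-sha256
);

# Offer exactly one KEX method and report how the server reacts.
sub probe {
    my ($host, $kex) = @_;
    my $ssh2 = Net::SSH2->new();

    # Preferences must be set before connect(); a false return means
    # this libssh2 build does not know the method.
    return 'not supported by this libssh2 build'
        unless $ssh2->method('KEX', $kex);

    # eval guards against versions that croak on a failed TCP connect.
    my $ok = eval { $ssh2->connect($host) };
    return "connect died: $@" if $@;

    if ($ok) {
        my $used = $ssh2->method('KEX');   # negotiated method, readable after connect
        $ssh2->disconnect;
        return "OK (negotiated $used)";
    }

    # In list context error() returns (code, name, message).
    my ($code, $name, $msg) = $ssh2->error;
    return sprintf 'FAILED: %s (%s %s)',
        $msg // 'unknown', $code // '?', $name // '?';
}

printf "%-40s %s\n", $_, probe($host, $_) for @kex;
```

Running it with "debug ip ssh" enabled on the router pairs each failing method with the router-side reason, such as the "Invalid modulus length" message shown earlier.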