Cisco Bug: CSCuo76464 - IOS:SSH Clients with larger DH keylength can not connect

Last Modified

Apr 30, 2020

Products (150)

  • Cisco IOS
  • Cisco Catalyst 3560X-48U-S Switch
  • Cisco Catalyst 2960X-24PD-L Switch
  • Cisco Catalyst 2960S-24PD-L Switch
  • Cisco Catalyst 3560X-48P-S Switch
  • Cisco Catalyst 3560CG-8TC-S Compact Switch
  • Cisco Catalyst 2960S-F48FPS-L Switch
  • Cisco Catalyst 3560X-48T-E Switch
  • Cisco Catalyst 2960C-12PC-L Switch
  • Cisco IE 2000-16TC-G Industrial Ethernet Switch

Known Affected Releases

15.2(2)E n/a

Description (partial)

Symptom: SSH clients configured for stronger ciphers may fail to connect to the router, resulting in a syslog message "%SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with maximum configured DH key on server".

Conditions: Using modern SSH clients.

Related Community Discussions

SSH2 issues
Any idea how to resolve this? I can't seem to ssh into the router, and consoling in yields the following error message. Running cat4500e-entservicesk9-mz.151-1.SG.bin on a 4948.

*Dec 31 17:32:39 PST: SSH2 0: input: padlength 6 bytes
*Dec 31 17:32:39 PST: SSH2 0: SSH2_MSG_KEXINIT received
*Dec 31 17:32:39 PST: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1
*Dec 31 17:32:39 PST: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1
*Dec 31 17:32:39 PST: SSH2 0: ssh_receive: 24 bytes received ...

Latest activity: Oct 14, 2014