Preview Tool

Cisco Bug: CSCut28334 - SSH keysize issue in PI 2.2

Last Modified

Dec 20, 2018

Products (1)

  • Cisco Prime Infrastructure

Known Affected Releases

2.1(0.0) 2.2(0.0.69)

Description (partial)

Prime Infrastructure may fail to correctly sync to a number of IOS devices that have "ip ssh dh min size 2048" configured.  In effected devices, the following message may be displayed:

%SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with minimum configured DH key on server

This is most commonly seen on 892, 1811 and 2811 routers, as well as 6500 series switches.

Related Community Discussions

<key>CSCut28334</key> - SSH keysize issue in PI 2.2
Hello!   For Catalyst9300, default is 2048, and cannot bring it lower. Any ideas how to make prime compatible with Catalyst9300? ----------------- sw-c93(config)#ip ssh dh min size ?   2048  Diffie Group 14 2048-bit key   4096  Diffie Group 16 4096-bit key ----------------- Thanks, Antal
Latest activity: May 17, 2018
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.