Unable to SSH into a Cisco switch using Mac OS?

Well, me neither, until I unleashed a little GoogleFu. Thank you, Troy Fontaine, as his post here pointed me in the right direction.

NB: I really should not have had to do anything, but I did and I have documented it so that anyone else falling into this trap can stumble across this guide.

This is a brand new, Cisco Systems 2960 switch, running the below code:
Switch#sh version
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E7, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 12-Jul-17 13:06 by prod_rel_team

Last night I set up the switches in the lab, dropped them into a stack, added IP addresses and gateway information and thought that I’d just SSH in from home and finish the job remotely. Today I attempted to SSH in, and no, not as easy as that:
Mac:~ user$ ssh -l username
ssh_dispatch_run_fatal: Connection to port 22: Invalid key length
Mac:~ user$

Damn, ok so that is not going to work from my Mac (10.14.2). So I jumped onto another device, one with loose settings when it comes to SSH and boom, straight in. Time to fix the issues.

Step one is to assign a domain name on the switch; without this, keygen will fail:
Switch(config)#crypto key generate rsa modulus 4096
% Please define a domain-name first.

Urgh, ok ok:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip domain-name blah
Switch(config)#crypto key zeroize
% All keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: yes
Switch(config)#crypto key generate rsa modulus 4096
The name for the keys will be: Switch.blah

% The key modulus size is 4096 bits
% Generating 4096 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 236 seconds)


Let's try that SSH access one last time:
Mac:~ user$ ssh -l username
The authenticity of host ' (' can't be established.
RSA key fingerprint is SHA256:D0d9JoNUK16sS9XzAtTQ+L2EnSQVKz1shw6BgK9LPzo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.



Hopefully this comes in handy for someone in the future…

PS, yes I re-ran the entire procedure and generated new keys.
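
The "Invalid key length" error above is the SSH client refusing an RSA host key it considers too short. As an added example (not from the original post), this Python script reads a host key line in the format ssh-keyscan prints and reports the RSA modulus size, so a switch can be checked from a machine that still connects. The 1024-bit floor, the host names and the helper names are assumptions, and the sample keys are constructed, not real.

```python
import base64
import struct

# Assumption: 1024 bits is the RSA floor enforced by OpenSSH 7.6 and later.
MIN_RSA_BITS = 1024


def _read_string(blob, offset):
    """Read one SSH wire-format field: uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def rsa_modulus_bits(pubkey_line):
    """Modulus size in bits for a 'host ssh-rsa AAAA...' or 'ssh-rsa AAAA...' line."""
    fields = pubkey_line.split()
    if "ssh-rsa" not in fields[:-1]:
        raise ValueError("not an ssh-rsa key line")
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key blob does not match the declared type")
    _exponent, off = _read_string(blob, off)   # public exponent e comes first
    modulus, off = _read_string(blob, off)     # then the modulus n
    return int.from_bytes(modulus, "big").bit_length()


def audit(pubkey_line, minimum=MIN_RSA_BITS):
    bits = rsa_modulus_bits(pubkey_line)  # returns (bits, verdict)
    return bits, ("ok" if bits >= minimum else "too short")


def _constructed_line(host, bits):
    """Build a well-formed ssh-rsa line around a made-up modulus (not a usable key)."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leaves room for the sign bit
        return struct.pack(">I", len(raw)) + raw
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    for host, bits in (("switch-a.example", 768), ("switch-b.example", 4096)):
        print(host, audit(_constructed_line(host, bits)))
```

To check a real device, pass audit() a line captured with ssh-keyscan -t rsa from a host that can reach the switch.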
