
Spectrum Network Configuration Manager (NCM) SSH is failing with "Invalid Key Length" error


Article ID: 133323


Updated On:

Products

CA Spectrum

Issue/Introduction

After upgrading to Spectrum 10.3.2, we are seeing issues collecting configurations from devices. Devices that worked on 10.2.3 are now reporting an "Invalid Key Length" error when attempting to SSH to the device.

Cause

In Spectrum 10.3.1 the Cygwin package was upgraded, which in turn upgrades OpenSSH to 7.4. That version restricts the minimum key size to 1024.

Reference release note: https://www.openssh.com/txt/release-7.4 


OpenSSH 7.4 does not provide an option to alter the minimum key size. The main reason for this restriction is that a key size of less than 1024 is vulnerable to attack (Logjam attack).

Supporting links:

Logjam attack: https://en.m.wikipedia.org/wiki/Logjam_(computer_security)

Key size: https://en.m.wikipedia.org/wiki/Key_size#Key_size_and_encryption_system

Environment

Release : Spectrum 10.3.1 and greater

Component : Spectrum Applications

Resolution

It is recommended to generate new SSH keys using ssh-keygen on all problematic devices. The following command will generate a new SSH key on a single device: 

yes y | ssh-keygen -q -t rsa -b 1028 -N '(passphrase)' >/dev/null
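
To find which devices still need new keys, the RSA key size can be read directly from a public key line without connecting to the device. The following is an added example, not part of the original article or of Spectrum: it assumes input lines in the OpenSSH public key format "ssh-rsa <base64> <label>", the function names are hypothetical, and the sample lines are constructed in code (their moduli are not real keys).

```python
import base64

MIN_RSA_BITS = 1024  # minimum key size the article says OpenSSH 7.4 enforces


def read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if len(blob) < end:
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def rsa_bits(pubkey_line):
    """Return the modulus size in bits for an 'ssh-rsa <base64> <label>' line."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, pos = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match")
    _exponent, pos = read_string(blob, pos)
    modulus, _ = read_string(blob, pos)
    # Leading zero bytes of the mpint encoding do not count toward the size.
    return int.from_bytes(modulus, "big").bit_length()


def too_short(lines):
    """Map each label (third field) to its key size when below the minimum."""
    flagged = {}
    for line in lines:
        bits = rsa_bits(line)
        if bits < MIN_RSA_BITS:
            flagged[line.split()[2]] = bits
    return flagged


def constructed_line(bits, label):
    """Build a well-formed sample line; the modulus is constructed, not a key."""
    parts = [b"ssh-rsa"]
    for value in (65537, (1 << (bits - 1)) | 1):
        parts.append(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), label)


# Constructed sample input with hypothetical device labels.
SAMPLE = [constructed_line(768, "router-a"), constructed_line(1024, "switch-b"),
          constructed_line(2048, "fw-c")]

if __name__ == "__main__":
    print(too_short(SAMPLE))
```

Devices reported by too_short() are the ones whose keys fall below the minimum and need to be regenerated.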