search cancel

Spectrum Network Configuration Manager (NCM) SSH is failing with "Invalid Key Length" error


Article ID: 133323


Updated On:


CA Spectrum


After upgrading to Spectrum 10.3.2 we are seeing issues collecting configurations from devices. Device that worked on 10.2.3 are now reporting an "Invalid Key Length" error when attempting to SSH to the device.


In Spectrum 10.3.1 the Cygwin package is upgraded which leads to an upgrade to OpenSSH 7.4 which restricts the minimum key size as 1024.  

Reference release note: 

OpenSSH 7.4, does not provide an option to alter the minimum key size. The main reason for this restriction is a key size less than 1024 is vulnerability to attack (Logjam attack).

Supportive links :  

Logjam attack:

Key size:


Release : Spectrum 10.3.1 and greater

Component : Spectrum Applications


It is recommended to generate new SSH keys using ssh-keygen on all problematic devices. The following command will generate a new SSH key on a single device: 

yes y |ssh-keygen -q -t rsa -b 1028 -N '(passphrase)' )/dev/null