We finally installed a new Cisco [1] router to replace our last Riverstone router in our network. I pre-configured the router and the replacement went fairly smoothly.
In, out, nobody got hurt. Just how I like it.
Later on I go to log into the router (to backup the configuration):
>
```
[spc]lucy:~>ssh core02.rt.bct.XXXXXXXXXXX
The authenticity of host 'core02.rt.bct.XXXXXXXXXXX (XXXXXXXXXXXXXX)' can't
be established.
RSA key fingerprint is f0:3f:06:c8:ee:7d:40:55:38:57:a4:5c:bd:d6:81:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'core02.rt.bct.XXXXXXXXXXX,XXXXXXXXXXXXXX' (RSA)
to the list of known hosts.
ssh_rsa_verify: RSA modulus too small: 512 minimum 768 bits
[spc]lucy:~>
```
What the?
Turns out that ssh 2 requires a minimum key length of 768 bits, but Cisco defaults to key lengths of 512 bits.
Way to go, Cisco! Woot!
To get in, I just logged into an adjacent router, then used that router's version of ssh (which works just fine with 512 bit keys, breaking the ssh 2 standard), which allowed me to clear the existing key (crypto key zeroize rsa) so I could regenerate a larger key.