The server's RSA key (896 bits) is weaker than the expected minimum (1024 bits)

After upgrading RDM from 11.5.4.0 to 12.6.8.0 we are no longer able to connect using SSH to some of our switches. Instead, the message that can be seen in the attached screenshot is displayed. The message is:
"Unable to connect. Verify your settings.
Negotiation failed. The server's RSA key (896 bits) is weaker than the expected minimum (1024 bits)."
I have looked for settings to override this behaviour, but so far I have found none. Is it possible to do so, or do we need to upgrade the firmware of the affected switches to support a stronger RSA key?

RDMSSH.png

All Comments (9)

Hi,
I think that the third party that we use now rejects weak RSA keys by default. I will check if we can set an option for that. The workaround could be our SSH entry type. It's based on PuTTY but with our own implementation.

Regards

David Hervieux

Hello,

I checked and the third party provides a way to change the behavior, so this should work like before in RDM 13.

Regards,

Hubert Mireault

We are now getting this after upgrading to RDM 13.0.6.0:
"Negotiation failed. The server's RSA key (768 bits) is weaker than the expected minimum (1024 bits)."

@Michael Leeming,

What type of session are you using?

Could you try our SSH Shell session type? This is our own integration of PuTTY and you should not receive any error using this type of session.
https://help.remotedesktopmanager.com/sessions_sshshell.htm

Best regards,

Jeff Dagenais

It is an SSH Shell (Rebex) session type; it has been our preferred session type for SSH for a long time. I have on and off tried the "SSH Shell" session type, but always had issues with it not closing automatically etc.
I tried changing the preferred host key algorithm inside the Advanced tab of Rebex; after setting this to "Certificate" instead of "RSA" it now works.
I expect we only need to change this on a few Rebex sessions, depending on the type and age of the host we connect to.

BR

Michael Leeming

Btw, it also works when I choose DSS.

Hello,

You can also try the latest beta of RDM
https://remotedesktopmanager.com/home/download#Beta

Best regards,

Jeff Dagenais

Ok, but I want to fully test RDM 13.0.6.0 right now, as I have a test environment running with DVLS 4.7.0.1
Because I don't want everyone in our company to run on Beta versions, and we need to start using RDM 13 before too much has changed at once.
The 1st step is to verify RDM 13, to allow the DVLS upgrade in production.
After this I will be able to install Beta versions for my own use like I used to do with RDM 12 Beta versions.

Thank you...

Hello,

Sorry, I read your previous post too fast. I don't know why, but I didn't see the section where you mentioned that selecting "certificate" instead of "RSA" made your connection functional again.

If you need to change this configuration on several sessions, it may be possible to do this via PowerShell.

Let us know if you need help for this.

Best regards,

Jeff Dagenais
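
To work out which hosts will trigger the "weaker than the expected minimum" error before changing sessions or planning firmware upgrades, the RSA host key size can be read directly from public key lines in the `host ssh-rsa <base64>` form used by `ssh-keyscan` output and `known_hosts`. This is an added example, not part of the thread and not Devolutions or Rebex code; the hostnames and key blobs are constructed placeholders, and the 1024-bit threshold is the one quoted in the error message.

```python
import base64
import struct

MIN_RSA_BITS = 1024  # minimum quoted in the error message in this thread

def _read_string(blob, off):
    """Read one SSH wire 'string' (uint32 length + bytes); return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[off + 4:end], end

def rsa_bits(b64_blob):
    """Modulus size in bits of an ssh-rsa public key blob; None for other key types."""
    blob = base64.b64decode(b64_blob, validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        return None
    _exponent, off = _read_string(blob, off)
    modulus, _ = _read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(keyscan_text, minimum=MIN_RSA_BITS):
    """Map host -> (bits, meets_minimum) for every 'host ssh-rsa <base64>' line."""
    report = {}
    for line in keyscan_text.splitlines():
        parts = line.split()
        usable = len(parts) >= 3 and not line.startswith("#")
        bits = rsa_bits(parts[2]) if usable else None
        if bits is not None:
            report[parts[0]] = (bits, bits >= minimum)
    return report

def _mpint(n):  # SSH mpint: gets a leading 0x00 byte when the top bit is set
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def constructed_line(host, bits):
    """Sample line with a made-up modulus of the given size (constructed, not a real key)."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed input; the hostnames are placeholders.
SAMPLE = "\n".join(constructed_line(h, b) for h, b in
                   [("switch-a.example", 896), ("switch-b.example", 768), ("switch-c.example", 2048)])

if __name__ == "__main__":
    for host, (bits, ok) in audit(SAMPLE).items():
        print(f"{host}: RSA {bits} bits -> {'ok' if ok else 'below minimum'}")
```

Hosts reported as below minimum are the ones that need either a regenerated, larger host key (where the device firmware supports it) or the per-session host key algorithm change described above.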