On a Cisco Nexus device, fixing the “Bad server host key: Invalid key length” issue typically involves verifying and potentially regenerating the SSH keys on the device. Here are the steps you can follow:
1. Verify SSH Key Length and Type
Cisco Nexus devices support various types of SSH keys, such as RSA and DSA. Verify that the keys are of appropriate length and type. The supported lengths are generally 2048 or 4096 bits for RSA keys.
2. Regenerate SSH Keys
If the keys are outdated or corrupted, you might need to regenerate them. To regenerate SSH keys on a Cisco Nexus device:
- Connect to the Device
Connect to the Cisco Nexus device via console or an existing SSH session.
- Enter Global Configuration Mode
configure terminal
- Regenerate the RSA Key
First, delete the existing key:
no ssh key rsa
Then, generate a new key:
ssh key rsa 2048 force
- Save the Configuration
copy running-config startup-config
3. Update SSH Client Known Hosts
If you encounter issues with the known_hosts file on the SSH client side, you might need to remove the old key. You can use the following command on the client to remove the old key associated with the Nexus device’s IP or hostname:
ssh-keygen -R <hostname_or_ip>
4. Check SSH Configuration
Ensure that the SSH configuration on the Cisco Nexus device is correct:
show running-config | include ssh
Verify that SSH is enabled and the correct keys are being used. If necessary, you can explicitly specify the key type and length in the configuration.
5. Enable Debugging
If the problem persists, you can enable debugging on the Nexus device to get more information about the SSH connection attempts:
debug ip ssh
Remember to disable debugging after you have gathered the necessary information:
undebug all
By following these steps, you should be able to resolve the “Bad server host key: Invalid key length” issue on a Cisco Nexus device. If the problem continues, providing more details about the device model and software version may help in further troubleshooting.
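To confirm from the client side that the key check in step 1 and the regeneration in step 2 had the intended effect, the following added example (not part of the original page and not Cisco's code) decodes the RSA modulus length from a host key line in the "<host> ssh-rsa <base64>" form used by known_hosts and ssh-keyscan. The 2048-bit threshold is taken from the lengths the page lists; the hostnames and key material are constructed samples, not real keys.

```python
import base64

MIN_RSA_BITS = 2048  # assumption: smallest RSA length the page lists as supported

def _read_string(blob, offset):
    """Read one length-prefixed SSH wire-format field starting at offset."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated SSH wire field")
    return blob[offset + 4:end], end

def rsa_host_key_bits(line):
    """Return the RSA modulus size in bits for a '<host> ssh-rsa <base64>' line."""
    fields = line.split()
    if len(fields) < 3 or fields[1] != "ssh-rsa":
        raise ValueError("not an ssh-rsa host key line")
    blob = base64.b64decode(fields[2], validate=True)
    key_type, pos = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match the line")
    _exponent, pos = _read_string(blob, pos)
    modulus, pos = _read_string(blob, pos)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, minimum=MIN_RSA_BITS):
    """Map each host to (bits, ok) so that short keys stand out."""
    result = {}
    for line in lines:
        bits = rsa_host_key_bits(line)
        result[line.split()[0]] = (bits, bits >= minimum)
    return result

def _constructed_line(host, bits):
    """Build a sample line around a constructed modulus (not a usable key)."""
    def field(data):
        return len(data).to_bytes(4, "big") + data
    n = (1 << (bits - 1)) | 1
    # The leading zero byte keeps the multi-precision integer positive.
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + n.to_bytes(bits // 8, "big"))
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

SAMPLE = [_constructed_line("nexus-old.example", 768),
          _constructed_line("nexus-new.example", 2048)]

if __name__ == "__main__":
    for host, (bits, ok) in audit(SAMPLE).items():
        print(f"{host}: RSA {bits} bits {'ok' if ok else 'too short, regenerate'}")
```

In practice, pass the ssh-rsa lines from your own known_hosts file to audit() instead of SAMPLE.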