SSH-RSA Deprecation

Lurick
Getting noticed


I recently noticed, when on-boarding a Catalyst switch on 17.6 and 17.9 code, that I'm getting tons of the following log messages:

ssh public-key algorithm compliance violation detected.kindly note that weaker public-key algorithm 'ssh-rsa' will be disabled by-default in the upcoming releases.please configure more stronger pk algorithms to avoid service impact.

I know I can suppress these messages in the logs, but I was wondering if there is a better way, or if there is a roadmap item for when ssh-rsa will be removed on the Meraki dashboard side and replaced with something else in the future, so we don't have to suppress these messages.

4 Replies
jorisjean
Conversationalist

Hello,

 

Same problem here with a 9300 running 17.4.

Used this command to remove the annoying logs from the buffer:

logging discriminator MERAKI mnemonics drops SSH_COMPLIANCE_VIOLATION_PK_ALGO msg-body drops (Login Success.*meraki-user|User meraki-user has exited)

Thanks,

Yup, you could shorten it a bit if you wanted to, but that's pretty much what I did as well!

jorisjean
Conversationalist

UPDATE:

After upgrading my 9300 to 17.6.5, I had issues with DMI and NETCONF:

Apr 26 05:42:49.816: %DMI-5-SYNC_START: Switch 1 R0/0: dmiauthd: Synchronization of the running configuration to the NETCONF running data store has started.

Apr 26 05:43:02.472: %DMI-3-SYNC_ERR: Switch 1 R0/0: dmiauthd: An attempt to synchronize the running configuration to the NETCONF running data store has failed:

Apr 26 05:43:02.472: %DMI-3-DMI_DEGRADED: Switch 1 R0/0: dmiauthd: The dmi infra is operating in degraded mode. Most synchronizations from IOS to NETCONF datastore will not be performed

CORE(config)#do show platform software yang process state
Confd Status: Started

Process    Status    State
----------------------------------------------------------
nesd       Running   Active
syncfd     Running   Active (degraded)

I opened a case with Meraki support and they suggested that I remove my discriminator.

It solved the NETCONF error, but now my logs are filled with the deprecation warning message again.
Any other solution? Any idea when Meraki will stop using ssh-rsa?

Thanks,

Update: After working with TAC, the proper discriminator to use seems to be:

`logging discriminator DROP-ME msg-body drops meraki-user|Public-key`
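The TAC-suggested discriminator from the post above, written out as a complete IOS-XE configuration with the step the one-liner leaves out: a `logging discriminator` line only defines a filter, and it has no effect until it is bound to a logging destination. This is an added example, not configuration from the thread or from Cisco/Meraki documentation; the discriminator name DROP-ME is the one used in the post, and the syslog host 192.0.2.10 is a placeholder.

```cisco
! Added example, not configuration from the thread. DROP-ME is the name
! used in the post; 192.0.2.10 is a placeholder syslog host.
!
! 1. Define the filter. "msg-body drops <regex>" discards every message
!    whose body matches the regular expression. The "|" alternation means
!    either string is enough: messages mentioning the Meraki service
!    account (its logins and logouts) and messages containing "Public-key"
!    are both dropped.
logging discriminator DROP-ME msg-body drops meraki-user|Public-key
!
! 2. Bind it. The discriminator does nothing on its own; it only acts on
!    the destinations it is attached to. Attach it to each destination
!    that should stay quiet. Leaving it off the remote syslog host keeps
!    an unfiltered copy of everything, including the Meraki logins, for
!    audit purposes.
logging buffered discriminator DROP-ME
logging console discriminator DROP-ME
logging monitor discriminator DROP-ME
! logging host 192.0.2.10 discriminator DROP-ME
!
! 3. Verify from exec mode (or with "do" from config mode). The
!    "show logging" header reports the discriminator attached to each
!    destination, and the buffer should stop filling with the
!    compliance-violation message.
! do show logging
! do show running-config | include logging
```

Two caveats worth keeping in mind. First, the `meraki-user` half of the pattern suppresses every message that names the Meraki service account, so the switch's own buffer no longer records when the dashboard logged in; if that record matters to you, keep at least one destination (typically the syslog host) without the discriminator. Second, filtering changes what gets logged, not what gets negotiated: the switch still accepts ssh-rsa for public-key authentication (visible in `show ip ssh`), and removing it from the accepted list with `ip ssh server algorithm publickey` would cut off dashboard management for as long as Meraki still authenticates with ssh-rsa, which is exactly the roadmap question the original post is asking about.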
