[Linksys SRW2008MP] Cisco’s low-end Gigabit Switch w/ POE

My Linksys SRW2008MP Gigabit Max POE Switch just arrived today! My impressions were the switch should be cheaper then what it is, but nonetheless it does what it is intended.

Model Name // <![CDATA[// SRW2008MP
Hardware Version 00.03.00
Boot Version 1.0.1
Firmware Version 1.0.4

The webGUI could be a bit more responsive, but one thing I really did not link after playing around with the switch for a few minutes, the ssh server configuration. For command-line only telnet is usable despite there is an option to enable ssh.

SSH Server Configuration:

  • The “SSH Public Key Length” is fixed at 512 and cannot be changed no matter if you choose RSA or DSA. The default length should at least be 768 bits. Changing to DSA would make an implicit change, but it does not. SSH-KEYGEN(1) states that “DSA keys must be
    exactly 1024 bits as specified by FIPS 186-2.” :

$> ssh 192.168.1.254
The authenticity of host ‘192.168.1.254 (192.168.1.254)’ can’t be established.
RSA key fingerprint is 2x:cb:8x:0f:4e:72:77:c7:43:f2:64:8d:73:00:f6:96.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.1.254’ (RSA) to the list of known hosts.
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

Apparently there is no way to overcome this unless limitation via command-line options. Though someone named “Chris C.” via a google search suggest “you would need to change SSH_RSA_MINIMUM_MODULUS_SIZE in ssh.h and recompile.

swinful2> grep SSH_RSA_MINIMUM_MODULUS_SIZE /usr/src/crypto/openssh/ssh.h
#define SSH_RSA_MINIMUM_MODULUS_SIZE    768

Chris is probably right, but I did not make the change and recompile. However, telnet works like a charm! Keep in mind, if you do not use Microsoft Internet (IE) Explorer you might as well use telnet, because neither Mozilla Firefox or Google’s Chrome worked with the web GUI! The web GUI has to run ActiveX (MSXML 5.0)! As of this post the latest firmware is 1.0.4.

Advertisements
This entry was posted in Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s