
Announcement: ICX FastIron 08.0.30t is now available on Support

michael_brado
Esteemed Contributor II
Our ICX FastIron developers and QA have a new maintenance release with bug fixes.

This firmware runs on FCX, FSX, ICX – 6610, 6430/6450, 6650, 7250, 7450, 7750 models.

 

FastIron 08.0.30t Release Notes:

https://support.ruckuswireless.com/documents/2657-fastiron-08-0-30t-release-notes

 

Ruckus ICX FastIron 08.0.30t Software Release (.zip):

https://support.ruckuswireless.com/software/1994-ruckus-icx-fastiron-08-0-30t-software-release-zip

 

MD5:  480cea85722d2c138c4df7cbb8d4b175

 

   Thanks and best regards,
8 REPLIES

We are an MSP and the end customer.

The issue is that my router is running a version of FreeBSD that dropped support for less secure SSH methods (Ruckus RIOT partner RG Nets rXg). When I try to SSH into my ICX6450-C12P, I get the following error: 

[admin@ ~]$ ssh admin@10.10.2.3
Unable to negotiate with 10.10.2.3 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

I tried configuring the switch (via telnet) with the following:
telnet@sw3(config)#crypto key gen rsa modulus 2048

The command "ip ssh key-exchange-method" is not recognized, as I'm guessing this is not a "FCX device". 

Again, I'm running 80.0.30saT311 on this switch.

The other switches on this network are ICX 7250's running 08.0.80dT211. I am able to use SSH to communicate with them after running the "ip ssh key-exchange-method dh-group14-sha1" command.

This is a problem with my MacBook Pro connecting to Cisco IOS 12.2 and below. I simply modified `/etc/ssh/ssh_config`. I assume it'll be just as easy for you to do that too.
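
A host-scoped alternative to changing the global `/etc/ssh/ssh_config`, as an added example that is not part of the original thread: it parses OpenSSH "Unable to negotiate" errors like the one quoted above and emits a `Host` block that re-enables the legacy algorithm for that one switch only. The function names, the preference ranking and the second sample line are assumptions made for this example.

```python
import re

# OpenSSH client error wording -> ssh_config keyword for that negotiation.
OPTION = {"key exchange method": "KexAlgorithms", "host key type": "HostKeyAlgorithms",
          "cipher": "Ciphers", "MAC": "MACs"}
# Constructed ranking (an assumption of this example): if a device offers
# several legacy algorithms, re-enable only the least weak one.
PREFERENCE = ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1",
              "ssh-rsa", "ssh-dss", "aes256-cbc", "aes128-cbc", "3des-cbc",
              "hmac-sha1", "hmac-md5"]
ERR = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port \d+: "
    r"no matching (?P<what>.+?) found\. Their offer: (?P<offer>\S+)")

def parse(line):
    """Return (host, ssh_config keyword, offered algorithms) or None."""
    m = ERR.search(line)
    if not m or m["what"] not in OPTION:
        return None
    return m["host"], OPTION[m["what"]], m["offer"].split(",")

def pick(offer):
    """Best-ranked known algorithm from the offer, else the first offered."""
    ranked = [alg for alg in PREFERENCE if alg in offer]
    return ranked[0] if ranked else offer[0]

def stanza(lines):
    """Build host-scoped ssh_config overrides from negotiation error lines."""
    hosts = {}
    for line in lines:
        parsed = parse(line)
        if parsed:
            host, keyword, offer = parsed
            hosts.setdefault(host, {})[keyword] = pick(offer)
    out = []
    for host, opts in hosts.items():
        out.append(f"Host {host}")
        out.extend(f"    {kw} +{alg}" for kw, alg in opts.items())
    return "\n".join(out)

# First line is the error quoted in the post; the second is constructed.
SAMPLE = [
    "Unable to negotiate with 10.10.2.3 port 22: no matching key exchange "
    "method found. Their offer: diffie-hellman-group1-sha1",
    "Unable to negotiate with 10.10.2.3 port 22: no matching host key type "
    "found. Their offer: ssh-rsa,ssh-dss",
]
if __name__ == "__main__":
    print(stanza(SAMPLE))
```

The printed block goes in `~/.ssh/config`. `diffie-hellman-group1-sha1` uses a 1024-bit group with SHA-1, so the override is worth removing once the switch can offer a stronger key exchange.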

sarma_kuppa
New Contributor
Eric, as Jijo said it is highly unlikely to get the feature into 8030 patches unless there is a strong business case.

netwizz
Contributor III

That said, you can use RSA 2048 bit for ssh authentication algorithm.

Separate topic.... you can disable AES-CBC encryption, which meets the standard of the Joint Interoperability Test Command (JITC). JITC is a United States military organization that tests technology pertaining to multiple branches of the armed services and the government.

ip ssh encryption disable-aes-cbc


I am a bit surprised no option is available for a larger RSA modulus, either. Many devices support 4096 bit RSA modulus.

Either way, RSA is slow to generate but faster than DSA to authenticate once configured.