Dear Sir or Madam,
We experienced an issue with the Digi Passport 8 Port Integrated Console.
If we try to establish an SSH connection via Ethernet to the Digi device from a Cisco device which is able to use an RSA key size of up to 4096 bits, we get the following error:
device#ssh -l root xx.xx.xx.xx
[Connection to xx.xx.xx.xx aborted: error status 0]
device#
*Mar 1 01:07:02.819: SSH CLIENT0: protocol version id is - SSH-2.0-OpenSSH_5.6
*Mar 1 01:07:02.827: SSH CLIENT0: sent protocol version id SSH-2.0-Cisco-1.25
*Mar 1 01:07:02.827: SSH2 CLIENT 0: SSH2_MSG_KEXINIT sent
*Mar 1 01:07:02.852: SSH2 CLIENT 0: SSH2_MSG_KEXINIT received
*Mar 1 01:07:02.852: SSH2 CLIENT 0: kex: server->client enc:aes128-cbc mac:hmac-sha1
*Mar 1 01:07:02.852: SSH2 CLIENT 0: kex: client->server enc:aes128-cbc mac:hmac-sha1
*Mar 1 01:07:02.852: SSH2 CLIENT 0: Using kex_a
device#lgo = diffie-hellman-group-exchange-sha1
*Mar 1 01:07:02.861: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_REQUEST sent
*Mar 1 01:07:02.861: SSH2 CLIENT 0: Range sent- 1024 < 2048 < 4096
*Mar 1 01:07:02.995: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_GROUP received
*Mar 1 01:07:02.995: SSH2 CLIENT 0: Server has chosen 3192 -bit dh keys
*Mar 1 01:07:02.995: %SSH-3-INV_MOD: Invalid modulus length
*Mar 1 01:07:02.995: SSH CLIENT0: Session disconnected - error 0x00
If we force the Cisco device to use a higher key-size (only 4096 bits) we get the following error:
device#ssh -l root xx.xx.xx.xx
[Connection to xx.xx.xx.xx aborted: error status 0]
device#
*Mar 1 01:08:40.898: SSH CLIENT0: protocol version id is - SSH-2.0-OpenSSH_5.6
*Mar 1 01:08:40.898: SSH CLIENT0: sent protocol version id SSH-2.0-Cisco-1.25
*Mar 1 01:08:40.898: SSH2 CLIENT 0: SSH2_MSG_KEXINIT sent
*Mar 1 01:08:40.924: SSH2 CLIENT 0: SSH2_MSG_KEXINIT received
*Mar 1 01:08:40.932: SSH2 CLIENT 0: kex: server->client enc:aes128-cbc mac:hmac-sha1
*Mar 1 01:08:40.932: SSH2 CLIENT 0: kex: client->server enc:aes128-cbc mac:hmac-sha1
*Mar 1 01:08:40.932: SSH2 CLIENT 0: Using kex_a
device#lgo = diffie-hellman-group-exchange-sha1
*Mar 1 01:08:40.932: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_REQUEST sent
*Mar 1 01:08:40.932: SSH2 CLIENT 0: Range sent- 4096 < 4096 < 4096
*Mar 1 01:08:41.024: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_GROUP received
*Mar 1 01:08:41.024: %SSH-3-DH_GEX_RANGE_OUT: Server has chosen DH group size which is not in range 4096 !< 2048 !< 4096 , DH Group Exchange key negotiation failed
*Mar 1 01:08:41.024: SSH CLIENT0: Session disconnected - error 0x00
We found a solution in deleting the key-size 3190 in the ./etc/ssh/moduli file. With this workaround we are able to connect to the Digi Passport.
But after rebooting the Digi Passport, the moduli file was restored to its default.
The current firmware is: v1.4.4.3
I would be grateful for any help with this issue.
Kind regards
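
The workaround described in the post above (removing one modulus size from the moduli file), as an added example that is not part of the original post or of the Digi firmware: shell functions that list the sizes present in a copy of the file and write a filtered copy without one size. The function names, the sample entries and the working paths are assumptions; the seven-column layout is the OpenSSH moduli(5) format.

```shell
#!/bin/sh
# Added example, not from the original post. Operates on a copy of the
# moduli file; function names and paths are hypothetical.

# Constructed sample in moduli(5) layout:
#   time type tests trials size generator modulus
# The hex moduli are shortened placeholders, not real primes.
write_sample_moduli() {
cat > "$1" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20120821044040 2 6 100 2047 2 F0B1C2D3
20120821044046 2 6 100 2047 5 F0B1C2E7
20120821045830 2 6 100 3190 2 E4A5B6C7
20120821050046 2 6 100 3190 5 E4A5B6DB
20120821052722 2 6 100 4095 2 D1E2F3A3
EOF
}

# Print "<size> <count>" for each value of the size column, ascending.
moduli_sizes() {
    awk '!/^#/ && NF == 7 { n[$5]++ }
         END { for (s in n) print s, n[s] }' "$1" | sort -n
}

# Write a copy of $1 to $3 without the entries whose size column is $2.
# Comment lines are kept. Fails, leaving $3 untouched, when the size is
# not present or when no entries would remain in the output.
moduli_drop_size() {
    src=$1 size=$2 dst=$3
    tmp="$dst.tmp.$$"
    awk -v drop="$size" '
        /^#/ || NF != 7 { print; next }
        $5 == drop      { dropped++; next }
                        { kept++; print }
        END { if (dropped > 0 && kept > 0) exit 0; exit 1 }
    ' "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dst"
}
```

Running `moduli_sizes` before and after `moduli_drop_size` shows which sizes the server can still offer during group exchange; since the post reports the file being restored on reboot, the same comparison shows whether the edit survived.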