- Posted on
June 3, 2008, 3:55 pm
I am new to SSH. I wanted to know how to use or test the new and
specific DH group exchange algorithm (e.g. diffie-hellman-group-exchange-sha256)
supported in the latest OpenSSH for key exchange.
I read the ssh man page but I could not find any options to choose
this from the ssh client.
I also read RFC 4419 and looked into the code.
As per this RFC, the client sends the (min, n, max) size in bits during
The value of n is calculated based on the size of the enc key and mac key.
And as per the code in dh_estimate(), the only possible values that are
sent to the server are 1024, 2048 and 4096.
The server sends back the p&g values to the client based on the n, and it
uses /etc/moduli to find the p&g.
Now, my question is how I ensure that "diffie-hellman-group-exchange-sha256"
is used for key exchange instead of "diffie-hellman-group-exchange-sha1"
or "diffie-hellman-group14-sha1".
NOTE: If this is not the right place to post this question, please excuse me
and redirect me to the right group.
Thanks in advance,
Re: Using/Testing Specific DH Group Exchange algorithm in SSH
Having tried this myself in the past, the only way I found to do
it was to get the OpenSSH source code, modify it accordingly and rebuild.
The change is simple - just edit a file called myproposal.h in the
aforementioned sources as needed.
I believe that PuTTY does allow you to change this when launching
your client though.
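
An added example, not part of the original posts and not OpenSSH code: why the order of the client's proposal (the list edited in myproposal.h) decides which key exchange method is used. It parses the `kex_algorithms` name-list from an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and applies the basic selection rule in simplified form; the payloads are constructed sample data and all function names are hypothetical.

```python
import os
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253, section 7.1

GEX256 = "diffie-hellman-group-exchange-sha256"
GEX1 = "diffie-hellman-group-exchange-sha1"
G14 = "diffie-hellman-group14-sha1"

def name_list(names):
    """Encode an SSH name-list: uint32 length + comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(kex_algorithms):
    """Constructed KEXINIT payload; only the kex_algorithms list is filled in."""
    body = bytes([SSH_MSG_KEXINIT]) + os.urandom(16)  # type byte + 16-byte cookie
    body += name_list(kex_algorithms)
    body += name_list([]) * 9                 # the other nine name-lists, left empty
    body += b"\x00" + struct.pack(">I", 0)    # first_kex_packet_follows, reserved
    return body

def parse_kex_algorithms(payload):
    """Return the kex_algorithms list, which starts at offset 17 (1 + 16)."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []

def negotiate(client_payload, server_payload):
    """Simplified RFC 4253 rule: the first method on the client's list that the
    server also lists. The host-key compatibility conditions are ignored here."""
    server = set(parse_kex_algorithms(server_payload))
    for alg in parse_kex_algorithms(client_payload):
        if alg in server:
            return alg
    return None  # no common method: the connection fails

# Constructed server proposal that supports all three methods.
SERVER = build_kexinit([GEX256, GEX1, G14])

if __name__ == "__main__":
    print(negotiate(build_kexinit([GEX1, GEX256, G14]), SERVER))  # client order wins
    print(negotiate(build_kexinit([GEX256]), SERVER))             # pinned to one method
    print(negotiate(build_kexinit([GEX256]), build_kexinit([GEX1, G14])))
```

Offering only the one method is what guarantees it is used: if the server lacks it, negotiation fails instead of falling back to a SHA-1 method.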