Using/Testing Specific DH Group Exchange algorithm in SSH


I am new to SSH. I wanted to know how to use or test the new and
specific DH group exchange algorithm (ex: diffie-hellman-group-exchange-sha256)
supported in the latest openssh for key exchange.

I read the ssh man page but I could not find any options to choose
this from the ssh client.

I also read the RFC4419 and looked into the code.

As per this RFC, Client sends the (min, n, max) size in bits during
initial handshake.
The value of n is calculated based on the size of enc key and mac key.
And as per the code in dh_estimate(), the only possible values that are
sent to the server are 1024, 2048 and 4096.

Server sends back the p&g values to Client based on the 'n'. And it
uses /etc/moduli to find the p&g.

Now, my question is how I ensure that "diffie-hellman-group-exchange-sha256"
is used for key exchange instead of "diffie-hellman-group-exchange-sha1"
or "diffie-hellman-group14-sha1".

NOTE: If this is not the right place to post this question, please excuse me
and redirect me to the right group.

Thanks in advance,

Re: Using/Testing Specific DH Group Exchange algorithm in SSH

On Tue, 03 Jun 2008 08:55:10 -0700, Mysore wrote:

    Having tried this myself in the past, the only way I found to do
it was to get the OpenSSH source code, modify it accordingly and rebuild.
The change is simple - just edit a file called myproposal.h in the
aforementioned sources as needed.

    I believe that PuTTY does allow you to change this when launching
your client though.
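
An added example, not part of the original thread and not OpenSSH code: it models why the order of the client's key exchange list decides the outcome, and how the (min, n, max) request from RFC 4419 is encoded. The negotiation rule is the simplified form of RFC 4253 section 7.1 (host key conditions ignored), and the algorithm lists and bit sizes are constructed sample values.

```python
import struct

SSH_MSG_KEX_DH_GEX_REQUEST = 34  # message number from RFC 4419

def negotiate_kex(client_prefs, server_prefs):
    """Simplified RFC 4253 section 7.1 rule: the first name on the client's
    list that the server also offers wins (host key conditions ignored)."""
    offered = set(server_prefs)
    for name in client_prefs:
        if name in offered:
            return name
    return None  # no common algorithm: the connection fails, no fallback

def gex_request(min_bits, n_bits, max_bits):
    """Encode the client's (min, n, max) request: one byte, three uint32."""
    if not min_bits <= n_bits <= max_bits:
        raise ValueError("need min <= n <= max")
    return struct.pack(">BIII", SSH_MSG_KEX_DH_GEX_REQUEST,
                       min_bits, n_bits, max_bits)

def parse_gex_request(payload):
    """Decode a GEX request payload back into (min, n, max)."""
    msg, lo, n, hi = struct.unpack(">BIII", payload)
    if msg != SSH_MSG_KEX_DH_GEX_REQUEST:
        raise ValueError("not a KEX_DH_GEX_REQUEST")
    return lo, n, hi

# Constructed sample proposals (assumptions, not captured from a real host).
GEX_SHA256 = "diffie-hellman-group-exchange-sha256"
GEX_SHA1 = "diffie-hellman-group-exchange-sha1"
GROUP14_SHA1 = "diffie-hellman-group14-sha1"

CLIENT_SHA256_FIRST = [GEX_SHA256, GEX_SHA1, GROUP14_SHA1]
CLIENT_SHA1_FIRST = [GEX_SHA1, GEX_SHA256, GROUP14_SHA1]
CLIENT_SHA256_ONLY = [GEX_SHA256]
SERVER_NEW = [GROUP14_SHA1, GEX_SHA1, GEX_SHA256]  # server order is irrelevant
SERVER_OLD = [GEX_SHA1, GROUP14_SHA1]              # no sha256 support

if __name__ == "__main__":
    print("sha256 first vs new server:", negotiate_kex(CLIENT_SHA256_FIRST, SERVER_NEW))
    print("sha1 first vs new server:  ", negotiate_kex(CLIENT_SHA1_FIRST, SERVER_NEW))
    print("sha256 first vs old server:", negotiate_kex(CLIENT_SHA256_FIRST, SERVER_OLD))
    print("sha256 only vs old server: ", negotiate_kex(CLIENT_SHA256_ONLY, SERVER_OLD))
    print("GEX request bytes:", gex_request(1024, 2048, 8192).hex())
```

A client list that contains only the sha256 name yields no match against a server that lacks it, so the handshake fails instead of silently using a sha1 exchange.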
