Damien Miller
2015-Oct-16 19:07 UTC
FYI HEAD now refuses <1024 bit DH keys in group-exchange
Hi,

I just committed a change to HEAD that raises the minimum Diffie-Hellman group size that the client will accept from 1024 to 2048 bits. Connections to well-behaved servers should not be affected by this change, but I've identified at least one case where a misconfigured server can cause connection failure. The errors look like:

> ssh_dispatch_run_fatal: Connection to 10.1.1.1: DH GEX group out of range

The problematic software is OpenSSH <3.9 or Sun_SSH (all versions). It will use a fixed 1024 bit DH group as an implicit fallback if /etc/ssh/moduli is missing, unreadable or empty.

Hopefully nobody is still using such an ancient OpenSSH (>10 years old!), so the Sun_SSH case is more likely.

If this change prevents you from connecting to a server, then the workaround is to explicitly use the weak diffie-hellman-group1-sha1 key exchange method to connect, i.e.

    ssh -oKexAlgorithms=diffie-hellman-group1-sha1 user@host

Once you are logged in, restore a good /etc/ssh/moduli (you can copy one from OpenSSH HEAD[1]), log out and try to log in again without the KexAlgorithms option. It should work fine.

We always appreciate reports from people who are able to test HEAD in their environments and I'm particularly interested in reports of similar failures.

-d

[1] https://anongit.mindrot.org/openssh.git/plain/moduli
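A check for the server-side condition described in the post above, as an added example (not code from the post or from OpenSSH): it parses the text of a moduli file in the moduli(5) field layout and reports whether the file is empty or holds no type 2 groups of at least 2048 bits. The function names and the sample lines are constructed for illustration, and sshd applies further acceptance checks that this example does not replicate.

```python
import sys
from collections import Counter

MIN_BITS = 2048  # minimum group size the client accepts, per the post above

def fake_modulus(bits):
    # Constructed placeholder of the requested bit length; NOT a real prime.
    return "F" + "0" * (bits // 4 - 1)

# Constructed sample in moduli(5) layout:
# time type tests trials size generator modulus
SAMPLE = "\n".join([
    "# constructed sample, not a real moduli file",
    "20150101000000 2 6 100 1023 2 " + fake_modulus(1024),
    "20150101000000 2 6 100 2047 2 " + fake_modulus(2048),
    "20150101000000 4 2 0 2047 2 " + fake_modulus(2048),  # type 4: candidate only
    "truncated line",
])

def audit_moduli(text, min_bits=MIN_BITS):
    """Return (sizes, usable, malformed) for the text of a moduli file."""
    sizes, malformed = Counter(), 0
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            if len(fields) != 7:
                raise ValueError("expected 7 fields")
            mtype = int(fields[1])
            bits = int(fields[6], 16).bit_length()  # measure, don't trust 'size'
        except ValueError:
            malformed += 1
            continue
        if mtype == 2:  # moduli(5): only type 2 (safe primes) are ready for sshd
            sizes[bits] += 1
    usable = sum(n for b, n in sizes.items() if b >= min_bits)
    return dict(sizes), usable, malformed

def verdict(text, min_bits=MIN_BITS):
    sizes, usable, _ = audit_moduli(text, min_bits)
    if not sizes:
        return "empty"      # no usable entries at all in the file
    return "ok" if usable else "too-weak"

if __name__ == "__main__":
    try:
        with open(sys.argv[1] if len(sys.argv) > 1 else "/etc/ssh/moduli") as f:
            text = f.read()
    except OSError as e:
        sys.exit(f"moduli missing or unreadable: {e}")
    print(verdict(text), audit_moduli(text))
```

Run on the server, a result of "empty" or a missing/unreadable file corresponds to the condition the post names as triggering the fixed 1024 bit fallback on the affected software.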
Ángel González
2015-Oct-16 21:58 UTC
FYI HEAD now refuses <1024 bit DH keys in group-exchange
On 16/10/15 21:07, Damien Miller wrote:
> Hi,
>
> I just committed a change to HEAD that raises the minimum Diffie-Hellman
> group size that the client will accept from 1024 to 2048 bits.
> Connections to well-behaved servers should not be affected by this
> change, but I've identified at least one case where a misconfigured
> server can cause connection failure. The errors look like:
>
>> ssh_dispatch_run_fatal: Connection to 10.1.1.1: DH GEX group out of
>> range
> The problematic software is OpenSSH <3.9 or Sun_SSH (all versions).
> It will use a fixed 1024 bit DH group as an implicit fallback if
> /etc/ssh/moduli is missing, unreadable or empty.

Thanks for the heads-up. We know that people will find that a bit cryptic.

What about showing a message like:

"A Diffie-Hellman group of %d bits is too weak. Does the server have a /etc/ssh/moduli file with suitable values?"

Best regards