Displaying 20 results from an estimated 165 matches for "group14".
2019 Jan 19
4
Can we disable diffie-hellman-group14-sha1 by default?
I'm not sure if collision resistance is required for DH key
derivation, but generally, SHA-1 is on its way out. If it's possible
(if there's not a very large percentage of servers that do not support
anything newer), it should be disabled.
2017 Sep 23
2
DH Group Exchange Fallback
On 09/22/2017 06:55 PM, Tim Broberg wrote:
> Do I understand correctly, that you find the security of group 14 unacceptable and yet you left it enabled?
In the end, I'm trying to ensure a minimum equivalent of 128-bits of
security. Group14 is 2048-bits, which roughly translates to 112-bits. [1]
To this end, I disabled the "diffie-hellman-group14-sha1" and
"diffie-hellman-group14-sha256" kex algorithms, but the problem is that
the group exchange "diffie-hellman-group-exchange-sha256" is not
respecting...
2007 Jan 08
0
How to remove group1 and group14 from OpenSSH..
Hello everyone.. I am fairly new to the patching format.. so I just decided to post a basic info
about how to remove group1 and group14 diffie key exchange in OpenSSH.
I know that they are listed as required in RFC 4253 but I don't want a client to have the choice
to use a 1024 bit prime for the key exchange. If someone is getting into my system.. they should
upgrade to a new client. I am a fan of 8192 bit primes : )
I also g...
2019 Feb 14
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
Can we disable diffie-hellman-group14-sha1 too?
On Thu, Feb 14, 2019 at 10:23 PM Mark D. Baushke <mdb at juniper.net> wrote:
>
> Hi John,
>
> The short answer is YES.
>
> Jon DeVree <nuxi at vault24.org> writes:
>
> > I ask because the removal of diffie-hellman-group-exchange-sha1 happened
> ...
2019 Jan 19
3
Can we disable diffie-hellman-group14-sha1 by default?
e.g. can we make it throw warnings etc. rsa-sha2-256 and rsa-sha2-512
are fine, they use PSS.
On Sun, Jan 20, 2019 at 1:55 AM Yegor Ievlev <koops1997 at gmail.com> wrote:
>
> Also can we do anything with ssh-rsa? It uses both SHA-1 and
> deprecated PKCS#1 padding. If it's used to sign certificates, there's
> no additional protection of SHA-2 hashing before SHA-1
2007 Sep 21
4
Diffie Hellman key exchange algorithms
A few questions regarding the OpenSSH support for the Diffie Hellman key exchange algorithms:
(1) Are the "diffie-hellman-group-exchange-sha256",
"diffie-hellman-group-exchange-sha1",
"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1" (as
defined in RFC 4253 and RFC 4419) the complete list of key exchange
algorithms supported by OpenSSH?
(2) Is there a way to configure the DH key exchange algorithms to be supported? For e.g. if we want to support only "diffie-hellman-group...
2018 Mar 06
2
Failed connections 7.6 to 5.2
...iguration data /etc/ssh/ssh_config.d/05-redhat.conf
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file
/etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data
/etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok:
[curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
deb...
2017 Sep 21
5
DH Group Exchange Fallback
...lman-group-exchange-sha256" kex, so I edited my
/etc/ssh/moduli file such that only 3071+ moduli are left. However,
when clients ask for a max of 2048-bit moduli, they actually get one
(!). I poked around and found that a fallback mechanism exists
(dh.c:185), which returns back the fixed group14 Group in that case
(dh.c:441).
I gotta say... having a fallback mechanism here seems pretty
strange. The entire point of the group exchange is to use a dynamic
group and not a static one. Otherwise, the admin would have chosen to
use "diffie-hellman-group[14,16,18]-sha256". Le...
2017 Sep 22
6
DH Group Exchange Fallback
On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote:
> On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote:
>> I gotta say... having a fallback mechanism here seems pretty
>> strange. The entire point of the group exchange is to use a dynamic
>> group and not a static one.
>
> fwiw, i think dynamic groups for DHE key exchange is intrinsically
> problematic
2016 Nov 08
4
one host only: ssh_dispatch_run_fatal
Darren Tucker <dtucker at zip.com.au> writes:
> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at newsguy.com> wrote:
> [...]
>> gv harry> ssh -vv 2x
>>
>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>
> this is a third-party modified version of OpenSSH. Can you reproduce
> the problem with a stock OpenSSH from the source from
2019 Oct 17
2
DSA key not accepted on CentOS even after enabling
...56-ctr,aes256-cbc,aes128-gcm at openssh.com,aes128-ctr,aes128-cbc
-oMACs=hmac-sha2-256-etm at openssh.com,hmac-sha1-etm at openssh.com,
umac-128-etm at openssh.com,hmac-sha2-512-etm at openssh.com
,hmac-sha2-256,hmac-sha1,umac-128 at openssh.com,hmac-sha2-512
-oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=
curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sh...
2016 Nov 08
4
one host only: ssh_dispatch_run_fatal
...etting O_NONBLOCK
debug1: Authenticating to 2x:22 as 'harry'
debug2: compat_kex_proposal: original KEX proposal: curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: Compat: skipping algorithm "curve25519-sha256 at libssh.org"
debug2: compat_kex_proposal: compat KEX proposal: diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchan...
2015 May 22
3
Weak DH primes and openssh
...t until very
> recently (ie after their 0.64 release) they didn't do the one that was
> actually standardized in RFC4419. OpenSSH recently removed support for
> that non-standard one and as a result we don't offer DHGEX to PuTTY
> versions <= 0.64 so they'll fall back to group14 (2k bit fix group).
I think this is wrong.
This commit [0] from 2005 appears to show the addition of
diffie-hellman-group-exchange-sha256 support to PuTTY.
I've also just successfully connected to a local test OpenSSH server
(v6.7p1, as packaged by Debian) with only
diffie-hellman-group-exch...
2017 Sep 24
3
DH Group Exchange Fallback
...s not necessarily in
> the moduli file.
Section 3 says: "The server should return the smallest group it knows
that is larger than the size the client requested." Even though my
system has values in /etc/ssh/moduli that are 3072-bits all the way up
to 8192-bits, it's still returning group14. I suppose with a loose
interpretation, you could say OpenSSH is still adhering to the spec,
since, technically, it does know about group14...
However, my main point still stands. The admin is unambiguously saying
"ONLY use these groups", yet in some cases, the present code disregar...
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
...tus: NEW
Severity: security
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.net
Hi.
In a recent discussion[0], Christian Weisgerber pointed me to the fact
that ssh/sshd fall back to diffie-hellman-group14-sha1 if client and
server couldn't agree on parameters for DH GEX,... even when client
and/or server intentionally removed diffie-hellman-group14-sha1 from
their KEX preference list (which is like explicitly/intentionally
disabling it).
It seems that this is not exactly correct - I made some t...
2016 Feb 09
2
Test Failure OpenSSH 7.1 P2 on HPE NSE for integrity
...oad_hostkeys: loaded 2 keys from localhost-with-alias
debug3: order_hostkeyalgs: prefer hostkeyalgs:
ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss
h-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit:
ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss
h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@
openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,...
2015 Dec 11
16
[Bug 2515] New: Implement diffie-hellman-group{14,15,16)-sha256
...tus: ASSIGNED
Severity: enhancement
Priority: P3
Component: ssh
Assignee: dtucker at zip.com.au
Reporter: dtucker at zip.com.au
Blocks: 2451
The IETF ssh working group has proposed adding MODP groups 15 and 16
with SHA256 and deprecating group14-sha1 (we're already doing the
latter).
https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2/
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
--
You are receiving this mail because:
You are watching the reporter of t...
2015 May 21
8
Weak DH primes and openssh
...o about this issue,
and what Debian might do for our users?
openssh already prefers ECDH, which must reduce the impact somewhat,
although the main Windows client (PuTTY) doesn't support ECDH yet. But
openssh does still offer diffie-hellman-group1-sha1 (uses a 1024-bit
group) and diffie-hellman-group14-sha1 (uses a 2047-bit group), which
must be considered a bit suspect? Of course RFC4253 says implementations
MUST offer these...
The moduli file you provide has this distribution of sizes:
size count
1023 36
1535 50
2047 36
3071 31
4095 41
6143 27
8191 39
Would it be sensible to remove t...
2019 Feb 14
2
Can we disable diffie-hellman-group-exchange-sha1 by default?
I ask because the removal of diffie-hellman-group-exchange-sha1 happened
accidentally in 7.8 due to a mistake in a change to readconf.c. I noticed
this and filed a bug about it along with a patch to fix readconf.c to use
KEX_CLIENT_* like it used to:
https://github.com/openssh/openssh-portable/commit/1b9dd4aa
https://bugzilla.mindrot.org/show_bug.cgi?id=2967
It's clear the removal was unintentional