Diffie Hellman key exchange algorithms

rwaite1 at tampabay.rr.com rwaite1 at tampabay.rr.com
Tue Sep 25 03:39:04 EST 2007


In response to being able to configure the DH key algorithms to be used... the changes to the code are fairly small and seem safe to me.

If someone is interested in what needs to change I had posted the changes needed to openbsd-misc back in January of this year. I did not make a patch file.. I only described it in text. I would appreciate comments if anyone sees something that is not safe. I did not add any logic or algorithms... I just made changes to the existing code. The subject of the thread was "How to remove group1 and group14 from OpenSSH.." In retrospect.. it never belonged on that board and perhaps would have been better here.
 
I kinda wish that sshd would let you configure this as it seems like an important security decision for an admin. I made the changes to the code on my machine because I spent a good amount of time making very large primes. The only way to use them is to use the KEX method. If the user that logs in does not have the KEX method enabled.. I believe that it will use the group 1 or group 14. It has been a while since I looked at this code so perhaps my logic here is not so clear.. but I know at the time I had researched it I had definite reason for doing it. One of the RFCs states that you have to include the ability to use group 1 and 14. To me.. this is nice for everyone in the world to happily be able to negotiate with any server... but that is not my desire. To me.. if someone is using an old client that does not allow KEX.. then I don't want them on my system.. and I think I have a right to decide that. In all likelihood, no one is going to break your data being sent with group 1. But that doesn't mean I don't want to force a higher level of security.
 
You could also force KEX_DH_GEX_SHA256 and not allow KEX_DH_GEX_SHA1 but I have found that a number of clients don't support this and at this time I have left KEX_DH_GEX_SHA1 as usable.

Also if anyone is new to playing around in the code for OpenSSH... I found the following page pretty useful for getting an overview of the protocol:
 
http://cs.wellesley.edu/~cs342/SSH2Protocol.html 
 
Then of course the RFCs I believe generally in the rfc425X range. 
 
And then getting a good packet sniffer so you can see what a particular ssh client is allowing.
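The last point above, seeing which KEX methods a client offers and which one a server will actually pick, can be checked from the two SSH_MSG_KEXINIT packets alone. The following is an added example, not code from this post or from OpenSSH: it builds constructed KEXINIT payloads (RFC 4253 layout, with the group-exchange names from RFC 4419), parses the kex_algorithms name-list from each side, and applies the RFC 4253 negotiation rule (first method in the client's list that the server also lists) to show when a client without group exchange falls back to group1/group14 and when a server restricted to group exchange rejects it.

```python
import struct

SSH_MSG_KEXINIT = 20
# Methods RFC 4253 requires every implementation to support; the fallback
# the post wants to be able to switch off on the server side.
LEGACY_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"}
GEX_KEX = ("diffie-hellman-group-exchange-sha256",
           "diffie-hellman-group-exchange-sha1")

def name_list(names):
    """Encode an SSH name-list: uint32 length + comma-separated ASCII."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(kex, cookie=b"\x00" * 16):
    """Constructed KEXINIT payload; only kex_algorithms varies, rest are fillers."""
    lists = [list(kex), ["ssh-rsa"], ["aes128-ctr"], ["aes128-ctr"],
             ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []]
    body = b"".join(name_list(l) for l in lists)
    # trailing fields: boolean first_kex_packet_follows=0, uint32 reserved=0
    return bytes([SSH_MSG_KEXINIT]) + cookie + body + b"\x00" + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload as lists of str."""
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, []          # skip message byte and 16-byte cookie
    for _ in range(10):
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        raw = payload[pos:pos + n].decode("ascii")
        pos += n
        lists.append(raw.split(",") if raw else [])
    return lists

def negotiate_kex(client_kex, server_kex):
    """RFC 4253 rule: the first client method the server also lists wins."""
    return next((k for k in client_kex if k in server_kex), None)

def audit(client_payload, server_payload):
    """Report what a sniffed client/server KEXINIT pair would negotiate."""
    c_kex = parse_kexinit(client_payload)[0]
    chosen = negotiate_kex(c_kex, parse_kexinit(server_payload)[0])
    return {"client_offers_gex": any(k in GEX_KEX for k in c_kex),
            "chosen": chosen, "legacy": chosen in LEGACY_KEX}

# Constructed peers: a GEX-capable client, an old client, and a server
# restricted to group exchange as the post describes.
NEW_CLIENT = build_kexinit(GEX_KEX + ("diffie-hellman-group14-sha1",))
OLD_CLIENT = build_kexinit(("diffie-hellman-group1-sha1",))
STRICT_SERVER = build_kexinit(GEX_KEX)
```

A `chosen` of `None` means the two sides share no KEX method and the connection fails at key exchange, which is exactly the outcome the post wants for clients that cannot do group exchange.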
