[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
aixtools
aixtools at gmail.com
Fri Jul 10 20:01:35 AEST 2015
On 2015-06-02 5:31 AM, bugzilla-daemon at mindrot.org wrote:
> https://bugzilla.mindrot.org/show_bug.cgi?id=2302
>
> --- Comment #13 from Darren Tucker <dtucker at zip.com.au> ---
> (In reply to Christoph Anton Mitterer from comment #10)
> [...]
>> Even though an attacker cannot (AFAIU??) for a connection to
>> downgrade to the weaker groups,
> The server's DH-GEX exchange hash includes the DH group sizes it
> received from the client. If these are modified in transit the
> exchange hash will not match.
>
>> it still doesn't give the server
>> admin a good way to "block out" weak clients.
> Do any such clients actually exist? RFC4419 says DH-GEX
> implementations SHOULD have a max group size of 8k.
>
Yes I expect. I have a ssh client from 2002 era that has worked very
well for me (from ssh.com before they renamed it tectia) - and I would
buy it again today - but they only do B2B these days.
PuTTY is functional, but I really prefer the 'tectia'-like UI.
I expect I will have no choice - other than replace it - as servers get
tighter about key exchange protocols (mine still needs the (please don't
hit me!) sha1 exchanges).
So, yes - they exist because until openssh-6.7 they were all supported
by default - so again thank you (openbsd/openssh devs) for opening my
eyes - and giving me time to adjust!
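
The downgrade check described in the quoted comment #13, as an added example that is not part of the original message or of OpenSSH's code: it builds the RFC 4419 exchange hash, which covers the client's min, n and max, and shows that the client's and server's hashes diverge when those sizes are rewritten in transit. The function names, the toy group and the placeholder payloads are constructed for illustration and are not a real session or a safe DH group.

```python
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint' for non-negative integers (leading zero keeps it positive)."""
    if value == 0:
        return struct.pack(">I", 0)
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def gex_exchange_hash(v_c, v_s, i_c, i_s, k_s, sizes, p, g, e, f, k, algo="sha256"):
    """H = hash(V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K)."""
    gmin, n, gmax = sizes
    blob = b"".join(ssh_string(x) for x in (v_c, v_s, i_c, i_s, k_s))
    blob += struct.pack(">III", gmin, n, gmax)
    blob += b"".join(ssh_mpint(x) for x in (p, g, e, f, k))
    return hashlib.new(algo, blob).digest()

# Constructed sample values: toy group and placeholder payloads, not a real session.
P, G = 2**127 - 1, 2
X_CLIENT, Y_SERVER = 0x1234567, 0x89ABCDE
E, F = pow(G, X_CLIENT, P), pow(G, Y_SERVER, P)
K = pow(F, X_CLIENT, P)
COMMON = dict(v_c=b"SSH-2.0-client_demo", v_s=b"SSH-2.0-server_demo",
              i_c=b"client KEXINIT payload", i_s=b"server KEXINIT payload",
              k_s=b"server host key blob", p=P, g=G, e=E, f=F, k=K)

def hashes_match(sent_sizes, received_sizes) -> bool:
    """Client hashes the sizes it sent; server hashes (and signs) the sizes it received."""
    client_h = gex_exchange_hash(sizes=sent_sizes, **COMMON)
    server_h = gex_exchange_hash(sizes=received_sizes, **COMMON)
    return client_h == server_h

if __name__ == "__main__":
    print("untouched:", hashes_match((2048, 3072, 8192), (2048, 3072, 8192)))
    print("min/n/max rewritten in transit:",
          hashes_match((2048, 3072, 8192), (1024, 1024, 1024)))
```

Because the server's host key signature is made over its own hash, a mismatch here surfaces on the client as a failed signature check and the key exchange is aborted.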