[EC]DH KEx and how to restrict ssh/sshd to secure(er) DH parameters
Christoph Anton Mitterer
calestyo at scientia.net
Fri Oct 24 13:46:45 EST 2014
On Thu, 2014-10-23 at 11:58 +0200, Daniel Kahn Gillmor wrote:
> Christoph is pointing out that the client might actually have a way to
> verify that the group is strong.
Well that's even already one step ahead, my main point was, that right
now I have (AFAIU) not really a chance to disallow weak groups (in the
sense of size) at both sides - server and client.
OpenSSH's ssh will accept 1024 (which I personally would feel more
comfortable if I could harden it, and e.g. only selectively allow
smaller groups for older server's I'm speaking to).
And AFAIU Christian, the server will always fall back to the 2048bit
group from diffie-hellman-group14-sha1, even if I "harden" my sshd's
moduli file by removing all smaller groups.
But really checking the moduli goes already one step further.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5313 bytes
Desc: not available
More information about the openssh-unix-dev