OpenSSH 6.6 - DH_GEX group out of range: 1536 !< 1024 !< 8192 [I]

Alessandro Lomonaco alessandro.lomonaco at db.com
Thu Feb 25 20:48:46 AEDT 2016


Classification: For internal use only

Hi all,

Recently we've moved from OpenSSH 6.2 to OpenSSH 6.6. Since we moved we 
have had problems with some sftp connections.

When we connect to some hosts we receive this error:

DH_GEX group out of range: 1536 !< 1024 !< 8192 
Couldn't read packet: Connection reset by peer 

Our OS is:  SUSE Linux Enterprise Server 11 SP4 

We've read that this is a known issue: 
https://www.novell.com/support/kb/doc.php?id=7016904

We've tried to use this workaround: put in /etc/ssh_config this line:

KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1


It works for some sftp connections, but not all.

Can you help us? Can you explain to us why some connections work and others 
do not?

Kind regards,
Alessandro Lomonaco

____________________________________________________



Alessandro Lomonaco
Erptech S.p.A. | External Consultant

DB Consorzio S. Cons. a r. l.
GT Production EMEA
Piazza del Calendario, 3, 20126 Milano, Italy
Tel. +39 02 4024-3742
Email alessandro.lomonaco at db.com




More information about the openssh-unix-dev mailing list