On Thu, 2014-10-23 at 11:58 +0200, Daniel Kahn Gillmor wrote: > Christoph is pointing out that the client might actually have a way to > verify that the group is strong. Well that's even already one step ahead, my main point was, that right now I have (AFAIU) not really a chance to disallow weak groups (in the sense of size) at both sides - server and client. OpenSSH's ssh will accept 1024 (which I personally would feel more comfortable if I could harden it, and e.g. only selectively allow smaller groups for older server's I'm speaking to). And AFAIU Christian, the server will always fall back to the 2048bit group from diffie-hellman-group14-sha1, even if I "harden" my sshd's moduli file by removing all smaller groups. But really checking the moduli goes already one step further. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev