Re: [Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 2015-06-02 5:31 AM, bugzilla-daemon@xxxxxxxxxxx wrote:
https://bugzilla.mindrot.org/show_bug.cgi?id=2302

--- Comment #13 from Darren Tucker<dtucker@xxxxxxxxxx>  ---
(In reply to Christoph Anton Mitterer from comment #10)
[...]
Even though an attacker cannot (AFAIU??) for a connection to
downgrade to the weaker groups,
The server's DH-GEX exchange hash includes the DH group sizes it
received from the client.  If these are modified in transit the
exchange hash will not match.

it still doesn't give the server
admin a good way to "block out" weak clients.
Do any such clients actually exist?  RFC4419 says DH-GEX
implementations SHOULD have a max group size of 8k.

Yes I expect. I have a ssh client from 2002 era that has worked very well for me (from ssh.com before they renamed it tectia) - and I would buy it again today - but they only to B2B these days.

Putty is functional, but I really prefer the 'tectia'-like UI.

I expect I will have no choice - other than replace it - as servers get tighter about key exchange protocols (mine still needs the (please dont hit me !) sha1 exchanges.

So, yes - they exist because until openssh-6.7 they were all supported by default - so again thank you (openbsd/openssh devs) for opening my eyes - and giving me time to adjust!
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux