On 2015-06-02 5:31 AM, bugzilla-daemon@xxxxxxxxxxx wrote:
> https://bugzilla.mindrot.org/show_bug.cgi?id=2302
>
> --- Comment #13 from Darren Tucker <dtucker@xxxxxxxxxx> ---
> (In reply to Christoph Anton Mitterer from comment #10)
> [...]
>> Even though an attacker cannot (AFAIU??) for a connection to
>> downgrade to the weaker groups,
>
> The server's DH-GEX exchange hash includes the DH group sizes it
> received from the client. If these are modified in transit the
> exchange hash will not match.
>
>> it still doesn't give the server
>> admin a good way to "block out" weak clients.
>
> Do any such clients actually exist? RFC4419 says DH-GEX
> implementations SHOULD have a max group size of 8k.

Yes, I expect. I have an ssh client from the 2002 era that has worked very
well for me (from ssh.com before they renamed it tectia) - and I would
buy it again today - but they only do B2B these days.
PuTTY is functional, but I really prefer the 'tectia'-like UI.
I expect I will have no choice - other than replace it - as servers get
tighter about key exchange protocols (mine still needs the (please don't
hit me!) sha1 exchanges).
So, yes - they exist because until openssh-6.7 they were all supported
by default - so again thank you (openbsd/openssh devs) for opening my
eyes - and giving me time to adjust!
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
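
Added example (not part of the original message and not OpenSSH code): the RFC 4419 exchange hash computed in Python, showing that a client and a server who disagree on min/n/max derive different hashes, which is the property the quoted comment describes. The version strings, KEXINIT payloads, host key blob, the toy modulus and every numeric value are constructed placeholders.

```python
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for non-negative n (extra zero byte keeps the sign bit clear)."""
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def gex_exchange_hash(v_c, v_s, i_c, i_s, k_s, sizes, p, g, e, f, k):
    """H = hash(V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K)."""
    h = hashlib.sha256()  # as in diffie-hellman-group-exchange-sha256
    for s in (v_c, v_s, i_c, i_s, k_s):
        h.update(ssh_string(s))
    h.update(struct.pack(">III", *sizes))  # min, n, max as this party saw them
    for m in (p, g, e, f, k):
        h.update(ssh_mpint(m))
    return h.digest()

def demo():
    # Constructed placeholders, not captured traffic.
    v_c, v_s = b"SSH-2.0-ExampleClient_1.0", b"SSH-2.0-ExampleServer_1.0"
    i_c, i_s, k_s = b"client-kexinit", b"server-kexinit", b"server-host-key-blob"
    p, g = 2**127 - 1, 2          # toy modulus, far too small for real use
    x, y = 0x1234567, 0x7654321   # client and server private exponents
    e, f = pow(g, x, p), pow(g, y, p)
    k = pow(f, x, p)
    assert k == pow(e, y, p)      # both sides derive the same shared secret

    sent = (2048, 3072, 8192)     # min, n, max the client actually sent
    altered = (1024, 1024, 1024)  # what the server would see if rewritten in transit

    client_h = gex_exchange_hash(v_c, v_s, i_c, i_s, k_s, sent, p, g, e, f, k)
    honest_h = gex_exchange_hash(v_c, v_s, i_c, i_s, k_s, sent, p, g, e, f, k)
    tampered_h = gex_exchange_hash(v_c, v_s, i_c, i_s, k_s, altered, p, g, e, f, k)
    # The server signs its H with the host key; the client checks that signature
    # against its own H, so a mismatch makes the key exchange fail.
    return client_h == honest_h, client_h == tampered_h

if __name__ == "__main__":
    print(demo())
```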