On Wed, Mar 10, 2021 at 7:43 PM Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Wed, 10 Mar 2021, James Ralston wrote:
>
> > …if it is necessary to enable one of them for backward
> > compatibility with clients/servers that support only SHA-1
> > algorithms, then this is the only one that should be enabled:
> >
> > * diffie-hellman-group14-sha1 (for KexAlgorithms)
> > * gss-group14-sha1- (for GSSAPIKexAlgorithms)
>
> Disagree. diffie-hellman-group-exchange-sha1 will use a
> bigger/better MODP group than group14. If I had to enable one then
> that would be it.

Is this guaranteed to be true even if /etc/ssh/moduli contains small
primes (e.g. 1023 bits)?

For example, RHEL7 ships OpenSSH 7.4, which contains:

$ head -7 /etc/ssh/moduli | cut -c1-70
# $OpenBSD: moduli,v 1.18 2016/08/11 01:42:11 dtucker Exp $
# Time Type Tests Tries Size Generator Modulus
20150520233853 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92
20150520233854 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92
20150520233854 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92
20150520233855 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92
20150520233856 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92

If we enable diffie-hellman-group-exchange-sha1, our InfoSec guys tell
us that our RHEL7 hosts all hit on:

https://www.tenable.com/plugins/nessus/86328

In contrast, group14 guarantees that the MODP group won’t be less than
2048.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
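The concern raised above is that group exchange is only as strong as the smallest prime sshd is willing to pick from /etc/ssh/moduli. The following audit script is an added example, not code from the thread or from OpenSSH; it parses the column layout shown in the message, flags groups below a 2048-bit floor, and emits a filtered copy. It assumes that the Size column holds the bit length minus one (so a listed 1023 is a 1024-bit prime); the sample lines are constructed, with filler hex in place of real safe primes.

```python
from dataclasses import dataclass
from typing import Iterable, List

MIN_SAFE_BITS = 2048  # the group14 floor the message compares against


@dataclass
class Modulus:
    timestamp: str
    size_listed: int   # Size column exactly as written in the file
    generator: int
    modulus_hex: str

    @property
    def bits(self) -> int:
        # Assumption: OpenSSH writes Size as (bit length - 1).
        return self.size_listed + 1

    def hex_matches_size(self) -> bool:
        # Cross-check the stated size against the modulus itself; a
        # truncated line (as from `cut -c1-70`) fails this check.
        return int(self.modulus_hex, 16).bit_length() == self.bits


def parse_moduli(lines: Iterable[str]) -> List[Modulus]:
    """Parse moduli(5) lines: Time Type Tests Tries Size Generator Modulus."""
    entries = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) != 7:
            raise ValueError(f"malformed moduli line: {line!r}")
        entries.append(Modulus(f[0], int(f[4]), int(f[5]), f[6]))
    return entries


def weak_entries(entries: List[Modulus], min_bits: int = MIN_SAFE_BITS) -> List[Modulus]:
    return [e for e in entries if e.bits < min_bits]


def filter_moduli(lines: Iterable[str], min_bits: int = MIN_SAFE_BITS) -> List[str]:
    """Return the file contents with groups below min_bits dropped; comments kept."""
    kept = []
    for raw in lines:
        line = raw.rstrip("\n")
        s = line.strip()
        if not s or s.startswith("#") or int(s.split()[4]) + 1 >= min_bits:
            kept.append(line)
    return kept


# Constructed sample: the modulus fields are filler of the right length, not primes.
SAMPLE = [
    "# Time Type Tests Tries Size Generator Modulus",
    "20150520233853 2 6 100 1023 5 " + "F" * 256,   # 1024-bit group
    "20150520233854 2 6 100 2047 2 " + "F" * 512,   # 2048-bit group
    "20150520233855 2 6 100 4095 2 " + "F" * 1024,  # 4096-bit group
]
```

Run `filter_moduli` over the real file and write the result back only after confirming at least one group per size you want to keep remains, since sshd refuses group exchange when no suitable entry is left.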