On Thu, 11 Mar 2021, James Ralston wrote:

> > If /etc/moduli is missing then dh_new_group_fallback() will use
> > either a 2k or 4k group.
>
> Who is determining this, though? The client or the server?
>
> This exchange:
>
> debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
> debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
> debug3: send packet: type 34
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
> debug3: receive packet: type 31
> debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: bits set: 4092/8192
> debug3: send packet: type 32
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug3: receive packet: type 33
> debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
>
> …suggests that the client tells the server its minimum, desired, and
> maximum group size, and the server picks a group accordingly.

That is accurate.

> But what happens if a random ssh client (not OpenSSH) sends this?
>
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
>
> Will OpenSSH server honor this and pick a 1024-bit group?

If there are any in the moduli file, yes. We do not ship 1024 bit
groups in the moduli file and haven't for some time.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
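As an added illustration following this thread (it is not part of the mail exchange and not OpenSSH's own code), the Python below models what the two replies describe: the server parses its moduli file, keeps the groups inside the client's min/max window, prefers the smallest group at least as large as the requested size, and otherwise falls back to the largest group below it. It also includes the audit an administrator would want, listing any group below a chosen floor that a client could still negotiate. The moduli lines are constructed for the example, with the modulus column filled by placeholder hex rather than real safe primes (sized so the bit-length consistency check passes); the selection logic is this example's reading of the documented behaviour, and sshd's own compile-time floor and ceiling on group size are not modelled.

```python
"""Added example: audit an OpenSSH-style moduli file and model DH GEX group
selection.  Not OpenSSH code; the selection rule is this example's reading of
the documented behaviour.  sshd's compile-time size limits are not modelled."""
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Group:
    bits: int        # actual bit length of p (the moduli "size" column + 1)
    generator: int
    line: int        # source line number, so audit output can point at it


# Constructed sample in moduli(5) column order:
#   time type tests trials size generator modulus
# The modulus column is a placeholder ("ff" repeated), NOT a real safe prime;
# it is only sized so that the bit-length check below passes.  The last data
# line is deliberately malformed: its size column disagrees with the modulus.
CONSTRUCTED_MODULI = "\n".join([
    "# constructed sample, not a real /etc/moduli",
    "20210301000000 2 6 100 1023 2 " + "ff" * 128,   # 1024-bit group
    "20210301000000 2 6 100 2047 2 " + "ff" * 256,   # 2048-bit group
    "20210301000000 2 6 100 2047 5 " + "ff" * 256,   # 2048-bit group
    "20210301000000 2 6 100 4095 2 " + "ff" * 512,   # 4096-bit group
    "20210301000000 2 6 100 4095 2 " + "ff" * 256,   # size mismatch
    "",
])


def parse_moduli(text: str) -> Tuple[List[Group], List[str]]:
    """Parse moduli lines; return (usable groups, rejection messages)."""
    groups, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()     # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 7:
            errors.append(f"line {lineno}: expected 7 fields, got {len(fields)}")
            continue
        _time, mtype, _tests, _trials, size, gen, modulus = fields
        try:
            size_bits = int(size) + 1            # the file stores bits - 1
            p = int(modulus, 16)
            g = int(gen)
        except ValueError:
            errors.append(f"line {lineno}: non-numeric field")
            continue
        if mtype != "2":                          # type 2 = safe prime
            errors.append(f"line {lineno}: unsupported prime type {mtype}")
            continue
        if p.bit_length() != size_bits:
            errors.append(f"line {lineno}: size {size_bits} != modulus bits "
                          f"{p.bit_length()}")
            continue
        groups.append(Group(bits=size_bits, generator=g, line=lineno))
    return groups, errors


def choose_group(groups: List[Group], min_bits: int, want_bits: int,
                 max_bits: int, rng=random) -> Optional[Group]:
    """Model the server's answer to a GEX request of (min, want, max):
    restrict to [min, max], prefer the smallest group >= want, else the
    largest group below want; pick randomly among equal-sized groups."""
    candidates = [g for g in groups if min_bits <= g.bits <= max_bits]
    if not candidates:
        return None                               # nothing usable: KEX fails
    big_enough = [g.bits for g in candidates if g.bits >= want_bits]
    best = min(big_enough) if big_enough else max(g.bits for g in candidates)
    return rng.choice([g for g in candidates if g.bits == best])


def groups_below(groups: List[Group], floor_bits: int) -> List[Group]:
    """Audit helper: every group a client could still negotiate below floor_bits."""
    return [g for g in groups if g.bits < floor_bits]


if __name__ == "__main__":
    groups, errors = parse_moduli(CONSTRUCTED_MODULI)
    for err in errors:
        print("rejected:", err)
    for g in groups_below(groups, 2048):
        print(f"line {g.line}: {g.bits}-bit group would satisfy a "
              f"{g.bits}<{g.bits}<{g.bits} request; remove it")
    chosen = choose_group(groups, 2048, 8192, 8192)
    print("2048<8192<8192 ->", chosen.bits if chosen else "no group")
```

Running the module prints the rejected line and flags the 1024-bit entry; filtering the parsed list through `groups_below` before it is written back is the same operation as deleting those lines from /etc/moduli, after which a `1024<1024<1024` request has no group to match and the exchange fails instead of completing with a small modulus.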