Using/Testing Specific DH Group Exchange algorithm in SSH - SSH


  1. Using/Testing Specific DH Group Exchange algorithm in SSH

    Hi,

    I am new to SSH, I wanted to know how to use or test the new and
    specific DH group exchange algorithm (ex:
    diffie-hellman-group-exchange-sha256) supported in latest openssh for
    key exchange.

    I read the ssh man page but I could not find any options to choose
    this from the ssh client.

    I also read the RFC4419 and looked into the code.

    As per this RFC, Client sends the (min, n, max) size in bits during
    initial handshake.
    The value of n is calculated based on the size of enc key and mac key.
    And as per the code in dh_estimate() only possible values that are
    sent to server are 1024, 2048 and 4096.

    Server sends back the p&g values to Client based on the ‘n’. And it
    uses /etc/moduli to find the p&g.

    Now, my question is how I ensure that
    "diffie-hellman-group-exchange-sha256" is used for key exchange instead
    of "diffie-hellman-group-exchange-sha1" or "diffie-hellman-group14-sha1".

    NOTE: If this is not the right place to post this question, please excuse
    me and redirect me to the right group.

    Thanks in advance,
    Anand

  2. Re: Using/Testing Specific DH Group Exchange algorithm in SSH

    On Tue, 03 Jun 2008 08:55:10 -0700, Mysore wrote:

    > Hi,
    >
    > I am new to SSH, I wanted to know how to use or test the new and
    > specific DH group exchange algorithm (ex:
    > diffie-hellman-group-exchange-sha256) supported in latest openssh for
    > key exchange.
    >
    > I read the ssh man page but I could not find any options to choose this
    > from the ssh client.
    >
    > I also read the RFC4419 and looked into the code.
    >
    > As per this RFC, Client sends the (min, n, max) size in bits during
    > initial handshake.
    > The value of n is calculated based on the size of enc key and mac key.
    > And as per the code in dh_estimate() only possible values that are sent
    > to server are 1024, 2048 and 4096.
    >
    > Server sends back the p&g values to Client based on the ‘n’. And it uses
    > /etc/moduli to find the p&g.
    >
    > Now, my question is how I ensure that
    > "diffie-hellman-group-exchange-sha256" is used for key exchange instead
    > of "diffie-hellman-group-exchange-sha1" or "diffie-hellman-group14-sha1".


    Having tried this myself in the past, the only way I found to do
    it was to get the OpenSSH source code, modify it accordingly and rebuild.
    The change is simple - just edit a file called myproposal.h in the
    aforementioned sources as needed.

    I believe that PuTTY does allow you to change this when launching
    your client though.
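
Why editing the client's proposal list works, shown as an added example that is not part of the original posts or of OpenSSH: the key exchange method is the first name in the client's list that the server also offers (RFC 4253 section 7.1), so ordering only expresses a preference, while a one-entry list either gets that method or fails. The sample proposals are constructed from the three names in the thread, the helper names are hypothetical, and the host-key capability checks of the real negotiation are omitted.

```python
import struct

SSH_MSG_KEX_DH_GEX_REQUEST = 34  # message number assigned in RFC 4419

def parse_name_list(blob):
    """Decode an SSH name-list: uint32 length, then comma-separated ASCII names."""
    (length,) = struct.unpack(">I", blob[:4])
    body = blob[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated name-list")
    return body.decode("ascii").split(",") if body else []

def encode_name_list(names):
    """Encode names the way they travel inside SSH_MSG_KEXINIT."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def negotiate_kex(client_blob, server_blob):
    """Return the first name on the client's list that the server also lists
    (simplified: the host-key capability conditions are not modelled)."""
    server = set(parse_name_list(server_blob))
    for name in parse_name_list(client_blob):
        if name in server:
            return name
    raise ValueError("no common key exchange algorithm")

def gex_request(min_bits, n_bits, max_bits):
    """Build the group exchange request: byte 34, then uint32 min, n, max."""
    if not min_bits <= n_bits <= max_bits:
        raise ValueError("need min <= n <= max")
    return struct.pack(">BIII", SSH_MSG_KEX_DH_GEX_REQUEST,
                       min_bits, n_bits, max_bits)

# Constructed sample proposals, using only the names from the thread.
GEX256 = "diffie-hellman-group-exchange-sha256"
GEX1 = "diffie-hellman-group-exchange-sha1"
G14 = "diffie-hellman-group14-sha1"
CLIENT_PREFERS_256 = encode_name_list([GEX256, GEX1, G14])
CLIENT_PINNED = encode_name_list([GEX256])          # only sha256 is acceptable
SERVER_NEW = encode_name_list([G14, GEX1, GEX256])  # server order is irrelevant
SERVER_OLD = encode_name_list([GEX1, G14])          # no sha256 support

if __name__ == "__main__":
    print(negotiate_kex(CLIENT_PREFERS_256, SERVER_NEW))  # client order wins
    print(negotiate_kex(CLIENT_PREFERS_256, SERVER_OLD))  # quiet fallback to sha1
    print(gex_request(1024, 2048, 8192).hex())
```

With the preference-ordered list, an older server quietly lands on a SHA-1 method, whereas the pinned list makes the mismatch a hard failure. Later OpenSSH releases expose this list as the `KexAlgorithms` option in ssh_config, so the same pinning no longer needs a rebuild.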



