[GTALUG] dh key exchange question.

Mike el.fontanero at gmail.com
Tue Oct 2 16:35:59 EDT 2018 

Hi Karen,

SSH has seen a lot of activity in the past couple of years, with
vulnerabilities published against various algorithms and standard
advice to stop using them.  It's possible that all those servers have
also deprecated group 1 (only a 768 bit key).  Group 14 is the minimum
considered acceptable these days (2048 bit key).

Is it possible that the author of the SSH client you are using has
updated the software?

On 10/2/18, Karen Lewellen <klewellen at shellworld.net> wrote:
> Hi Mike,
> Thanks for that information.
> I would feel better though if  the same problem was not happening
> practically everywhere else.
> i can check my list, I believe, but imagine it will take someone skilled
> in compiling to update anything.
> Meaning I will need to either find that skill, or move our office hosting
> services  somewhere equal to dreamhost but less paranoid.
> Thanks again,
>
>
>
> On Tue, 2 Oct 2018, Mike wrote:
>
>> Hi Karen,
>>
>> I found a reference at Dreamhost wherein a user says that Support hold
>> him that "diffie-hellman-group1-sha1 was recently removed for security
>> concerns".  This is 26 days ago.  The reference URL is:
>>
>> https://discussion.dreamhost.com/t/ssh-issue-with-key-exchange-algorithms/68804
>>
>> It may be that your SSH client does not support newer DH modes, for
>> example group 14.  Is there a way you can find out what key exchange
>> modes and ciphers your SSH client supports?
>>
>> Regards,
>> Mike
>>
>>
>> On 10/2/18, Karen Lewellen via talk <talk at gtalug.org> wrote:
>>> Hi folks,
>>> The accessible ssh client I use provides a way to send dh keys when I
>>> use
>>> ssh TELNET to reach a location.
>>> I have a bell dsl account, and since the first of July I have not been
>>> able to reach dreamhost who hosts my office shell.
>>> While I have not ruled out Bell as the problem, it started  one day when
>>> they claimed to have a service interruption,  and refuse to discuss
>>> Linux
>>> at all, I want to see if something else might have happened.
>>> With very few exceptions, every place where I visit involving port 22
>>> presents the same dh key exchange failure.
>>> Was openssh updated on June 29 2018?
>>> Hosting companies who use some  different Linux options for their shell
>>> services, scientific for example, still work.  Shellworld does too, but
>>> we
>>> use  a different port for ssh and the administrator  still allows most
>>> public keys.
>>> can anyone provide wisdom here?
>>> Thanks,
>>> Karen
>>>
>>>
>>> ---
>>> Talk Mailing List
>>> talk at gtalug.org
>>> https://gtalug.org/mailman/listinfo/talk
>>>
>>
>>
>

More information about the talk mailing list