[GTALUG] dh key exchange question.

[D. Hugh Redelmeier]

| From: Karen Lewellen via talk <talk at gtalug.org>

| Thanks for these suggestions, but I do not have a Linux box.  I use ssh telnet
| to reach a Linux shell.

I'm not sure what "ssh telnet" is.  What software are you actually
using on your Windows machine?  Putty?

| I have  been debugging since Late June, with others here at least letting me
| know the  problem may be  due to locations removing access to my keys as
| dreamhost has done.

The terminology of crypto is kind of confusing.  One confusing thing is 
the word "key": there are two distinct kinds of keys used by SSH.

Normally, the keys you manipulate for SSH are a private key (that you
usually keep only on your local machine) and a corresponding public
key that you put everywhere that you might want to log into.
These two keys are a pair and you cannot mix and match from other key
pairs.  You generally think of these keys as close to permanent.

The DH (DIffie-Hellman) exchange is something done by SSH
autonomously, per session.  This exchange creates unique but shared
"ephemeral" keys.  You don't generally get involved in this.  DH is
almost magical but was invented about 40 years ago.

There is one thing about DH that can require your intervention.  DH
works within an algebraic structure.  Sometimes the algebra becomes
obsolete because more powerful computers or algorithms are getting
close to breaking them.  So SSH starts by negotiating which DH algebra
to use.  If your SSH is old enough, there is a chance that it doesn't
support an algebra that the other side's SSH considers secure.  That
means that a session cannot be negotiated.

Note: DH isn't related to your permanent keys.  If you have key
trouble, it probably isn't anything to do with DH.  If you have DH
trouble, it probably isn't anything to dow with your permanent keys.

PS: It was Hellman's birthday yesterday.