Re: a dh keys question?
Karen Lewellen wrote:
> 1.
> I am not using Linux, but an ssh client compiled from a combination of
> tools, Linux and otherwise, including putty.
> I have been very firm in not stating that I use Linux at all.
Kind of a bad move, what with this being a Debian (Linux) mailing list.
Lot of wasted effort would've been saved.
> In fact the first sentence of my question stated that while the issue is
> complex, the question, where dh keys are generated, was simple.
They're generated on the fly at the time of connection. The server and
client each (should) have a "moduli" file somewhere, where they can seed
the DH key generation from (in whichever version of Debian I'm running
on this test box, it happens to be /etc/ssh/moduli).
> 2. I can state firmly that the port number has absolutely a great deal
> to do with my issue.
You can say that till you're blue in the face, it doesn't make you
correct though. As I said before, the selection of a standard vs.
nonstandard port for ssh (or, any service for that matter) has no
bearing on the Diffie-Hellman Key Exchange portion of the handshake.
> best evidence? you're getting this e-mail at all.
I assume you mean to imply that you're ssh'd into some remote host and
it just so happens to be running a service on a nonstandard port. See
above for the refutation of this claim.
> I am writing using a shell service that uses Ubuntu 16.04 as its
> platform...same as dreamhost.
> we do not use port 22 here, and I can use my ssh client to reach my
> workspace..doing such as we speak..
> Likewise an associate who hosts their own servers created a temp account
> for me, using port 4460...worked perfectly.
> I respect other factors might be involved, but my goal is the swiftest
> solution that lets us move our services from dreamhost somewhere else to
> which I can ssh from my desktop.
> If choosing a location with a port other than 22 solves the issue, it is
> good enough for me.
The thing is, it's NOT the selection of the port that's making it work
(or not) - it's a difference between your SSH client and the server's
acceptable range for key moduli.
For OpenSSH 6.7p1
DH_GRP_MIN 1024
DH_GRP_MAX 8192
For OpenSSH 7.4
DH_GRP_MIN 2048
DH_GRP_MIN 8192
Since you're running a series of ssh clients (? ... or an amalgamation of
all of them ...?), it's up to you to check the various changelogs of
them to see if you need updates (or if they've been abandoned or ... )
--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
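
Added example (not part of the original message and not OpenSSH code): a small Python check of which entries in a moduli file fall inside a given group-size range, using the 1024 and 2048 minimums and the 8192 upper bound quoted above. The function names are hypothetical, the sample file is constructed, and the seven-field line layout is the one documented in moduli(5).

```python
from collections import Counter

# Constructed sample in moduli(5) layout:
#   time type tests trials size generator modulus(hex)
# The moduli are filler hex of the right length, NOT real safe primes.
def _line(bits):
    return f"20240101000000 2 6 100 {bits - 1} 2 {'F' * (bits // 4)}"

SAMPLE_MODULI = "\n".join(
    ["# constructed sample, not a real moduli file"]
    + [_line(b) for b in (1024, 1536, 2048, 2048, 4096, 8192)]
)

def modulus_sizes(text):
    """Return the bit length of every modulus in moduli-file text."""
    sizes = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        fields = line.split()
        if len(fields) != 7:
            continue                      # malformed entry, skip it
        try:
            # Measure the modulus itself; the "size" column is usually bits-1.
            sizes.append(int(fields[6], 16).bit_length())
        except ValueError:
            continue                      # modulus field is not hex
    return sizes

def usable(sizes, grp_min, grp_max):
    """Group sizes that satisfy grp_min <= bits <= grp_max."""
    return sorted(s for s in sizes if grp_min <= s <= grp_max)

def report(text, ranges):
    """Map each named (min, max) range to a Counter of usable sizes."""
    sizes = modulus_sizes(text)
    return {name: Counter(usable(sizes, lo, hi))
            for name, (lo, hi) in ranges.items()}

if __name__ == "__main__":
    # Ranges taken from the figures quoted in the message above.
    ranges = {"min 1024": (1024, 8192), "min 2048": (2048, 8192)}
    for name, counts in report(SAMPLE_MODULI, ranges).items():
        print(name, dict(counts) or "no usable moduli")
```

To inspect a real host, pass the contents of its moduli file (for example /etc/ssh/moduli on the Debian box mentioned above) to report() instead of SAMPLE_MODULI.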