Re: a dh keys question?

On 01/08/18 03:57, Dan Ritter wrote:
> On Tue, Jul 31, 2018 at 11:38:34AM -0400, Karen Lewellen wrote:
>> Hi everyone,
>> While the question seems simple, at least to me, the reason behind it is
>> complicated. So I am hoping to focus on the question first.
>> During the dh key exchange process, where do the user dh key packets come
>> from software wise?
> You generate a private/public key pair with ssh-keygen, and send
> the public key over to your destination in advance, so that they
> can recognize you.

Yes, but that's not the dh (Diffie-Hellman) key. Diffie-Hellman key
exchange is to generate a one-time session key that is discarded after
the session is finished.

>> I have a problem now where each place I try to visit using my ssh client,
>> and my sftp one, I am getting a dh key exchange failure.
>> Using the -v command is not shedding light on the issue.
>> I am using the same client now to reach another service, but here we use a
>> different port from port 22.
>> The error started on the 29th of June, and the company providing my dsl
>> service did claim to have a service issue on that day.
>> However they do not speak Linux let alone anything else unusual.
>> Thoughts?
> Are you having problems SSHing to all servers that you try, or
> just to one in particular?
> If it's just one, and that one uses a port other than 22, it's
> likely that your DSL company started filtering that port on the
> 29th. 

If it was a simple port filtering issue, then you'd get something like
'Connection Refused' or 'Destination unreachable' or 'Connection timed
out' - you wouldn't get as far as dh key exchange.

I'm not an expert in this, so might have some details wrong, but I think
the gist of it is right. Happy to be corrected.
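
The point above about port filtering versus a key exchange failure can be checked from the verbose client output. The following is an added example, not part of the original post: it assumes the client is OpenSSH (the marker strings are OpenSSH's `ssh -v` messages) and runs on constructed sample logs with placeholder hosts.

```python
# Added example: report which connection stage an `ssh -v` log stopped in.
# Assumption: marker strings are OpenSSH client messages; other clients differ.
MARKERS = [                                   # (text in log, stage it completes)
    ("Connection established.", "tcp"),
    ("SSH2_MSG_KEXINIT sent", "banner"),
    ("SSH2_MSG_NEWKEYS received", "key-exchange"),
]
ORDER = ["tcp", "banner", "key-exchange", "after-key-exchange"]

def failure_stage(log):
    """Return (stage the log ends in, last non-debug line)."""
    reached, error = 0, ""
    for line in log.splitlines():
        for text, stage in MARKERS:
            if text in line:
                reached = max(reached, ORDER.index(stage) + 1)
        if line.strip() and not line.startswith("debug"):
            error = line.strip()              # client's own error message
    return ORDER[reached], error

# Constructed sample logs (example.org / 192.0.2.10 are placeholders).
FILTERED = """\
debug1: Connecting to example.org [192.0.2.10] port 2222.
ssh: connect to host example.org port 2222: Connection timed out
"""
KEX_FAIL = """\
debug1: Connecting to example.org [192.0.2.10] port 2222.
debug1: Connection established.
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
Unable to negotiate with 192.0.2.10 port 2222: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
"""
AUTH_FAIL = """\
debug1: Connection established.
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_NEWKEYS sent
debug1: SSH2_MSG_NEWKEYS received
user@example.org: Permission denied (publickey).
"""

if __name__ == "__main__":
    for name, log in [("filtered", FILTERED), ("kex", KEX_FAIL), ("auth", AUTH_FAIL)]:
        print(name, failure_stage(log))
```

A log that ends in the "tcp" stage points at the network path (filtering, routing); one that ends in "key-exchange" means the TCP connection worked and the two ends failed while negotiating or running the key exchange.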


