Re: a dh keys question?

To: debian-user@lists.debian.org
Subject: Re: a dh keys question?
From: Dan Purgert <dan@djph.net>
Date: Thu, 2 Aug 2018 10:10:21 -0000 (UTC)
Message-id: <[🔎] slrnpm5m4d.krt.dan@xps-linux.djph.net>
References: <Pine.LNX.4.64.1807311128590.26432@server2.shellworld.net> <20180731155743.jex75ctoeot43g57@randomstring.org> <[🔎] bf53281f-e7c1-e511-68bc-0a1c059e8aec@walnut.gen.nz> <[🔎] slrnpm3255.krt.dan@xps-linux.djph.net> <[🔎] Pine.LNX.4.64.1808011438560.5966@server2.shellworld.net> <[🔎] E31A3A18-1388-4955-A3AC-0786FD35ED77@djph.net> <[🔎] 20180801203511.xuobaj6t7c4rgiv7@randomstring.org> <[🔎] Pine.LNX.4.64.1808011744250.10215@server2.shellworld.net> <[🔎] slrnpm4k27.krt.dan@xps-linux.djph.net> <[🔎] Pine.LNX.4.64.1808012034300.13256@server2.shellworld.net> <[🔎] slrnpm4mcl.krt.dan@xps-linux.djph.net> <[🔎] Pine.LNX.4.64.1808012115240.14202@server2.shellworld.net>

Karen Lewellen wrote:
> There is no error at all in any way shape or form that I am given 
> indicating that there is a key range overflow.

Because you're either (a) not running the 'ssh' command with enough
verbosity to get the full error text, OR (b) your choice of tool simply
does not have the capability to print that verbosity.

The message you posted a few mails ago - "DH Key exchange failed" - is
nearly always because the two sides cannot agree on a key modulo.

> I have successfully reached  locations with various editions of openssh, 
> including in the 7 plus range...on a different port. 

And yet you've still provided no proof one way or the other.  We really
are trying to help you get to the bottom of this (or, well, at least I
was) -- but you're not exactly helping me help you.

> There are some indications likewise  that my isp indeed blocked port 22 
> and 
> 21 access for what they consider non standard applications i. e. Linux, 
> which  is not on my desktop, or DOS, which is on my desktop.

Given that port 22 is the standard port for SSH, I would be VERY
surprised that an ISP would get in the way of it.  I mean, sure, they
might've goofed - but if they were blocking it, you WOULD NOT be getting
far enough to have a diffie-hellman key exchange failure.  That's one of
the last parts of the handshake between an ssh server and ssh client ... 

> i cannot update what does not exist for me.
> I can however invest resources  where the solution  I have discovered
> does exist.

Well, since it seems you don't actually want help getting to the bottom
of the issue, good luck to you then.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Reply to:

References:
- Re: a dh keys question?
  - From: Richard Hector <richard@walnut.gen.nz>
- Re: a dh keys question?
  - From: Dan Purgert <dan@djph.net>
- Re: a dh keys question?
  - From: Karen Lewellen <klewellen@shellworld.net>
- Re: a dh keys question?
  - From: Dan Purgert <dan@djph.net>
- Re: a dh keys question?
  - From: Dan Ritter <dsr@randomstring.org>
- Re: a dh keys question?
  - From: Karen Lewellen <klewellen@shellworld.net>
- Re: a dh keys question?
  - From: Dan Purgert <dan@djph.net>
- Re: a dh keys question?
  - From: Karen Lewellen <klewellen@shellworld.net>
- Re: a dh keys question?
  - From: Dan Purgert <dan@djph.net>
- Re: a dh keys question?
  - From: Karen Lewellen <klewellen@shellworld.net>

Prev by Date: Re: [alert] 20356#20356: *17513 open socket Nginx
Next by Date: Re: Question about /proc/loadavg
Previous by thread: Re: a dh keys question?
Next by thread: Re: a dh keys question?
Index(es):
- Date
- Thread