SSH Key Exchange Algorithm

During a vulnerability scan I got the following issue:

Problem Description:
The Secure Shell 2 (SSH2) protocol is a presentation layer protocol used to
provide secure client-server communication.

The SSH2 protocol specification requires that a SSH2 server support the
diffie-hellman-group1-sha1 key exchange algorithm. This key exchange
algorithm is considered strong, but faces a potential weakness in that the
same prime number is used for all key exchanges.

An alternative key exchange algorithm, diffie-hellman-exchange-group-sha1,
provides enhanced security by allowing for the prime number to be specified
during key exchange.

The target SSH2 server supports the diffie-hellman-group1-sha1 algorithm.

Does anybody have an idea how I can fix this issue?
Thanks for the help!
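
Added example, not part of the original post or of the scanner's output: a way to confirm whether a server still offers diffie-hellman-group1-sha1, by decoding the kex_algorithms name-list of an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1). The two payloads and all helper names are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253, section 12
FLAGGED_KEX = {"diffie-hellman-group1-sha1"}  # fixed-prime method from the finding


def read_name_list(buf, offset):
    """Decode one RFC 4251 name-list: uint32 length, then comma-separated ASCII."""
    if offset + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (length,) = struct.unpack_from(">I", buf, offset)
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("name-list runs past end of payload")
    raw = buf[start:end].decode("ascii")
    return (raw.split(",") if raw else []), end


def kex_algorithms(payload):
    """Return kex_algorithms from an SSH_MSG_KEXINIT payload (RFC 4253, 7.1)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    names, _ = read_name_list(payload, 17)  # skip type byte + 16-byte cookie
    return names


def flagged_kex(payload):
    """Flagged methods the peer offers, in the peer's preference order."""
    return [n for n in kex_algorithms(payload) if n in FLAGGED_KEX]


def build_kexinit(kex_names):
    """Constructed sample payload; only the first name-list is populated."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16) + name_list(kex_names)
    body += name_list([]) * 9  # remaining nine name-lists left empty
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


# Constructed server offers (before/after reconfiguration), not from a real host.
BEFORE = build_kexinit(["diffie-hellman-group-exchange-sha1",
                        "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"])
AFTER = build_kexinit(["diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1"])

if __name__ == "__main__":
    print("before:", flagged_kex(BEFORE))
    print("after: ", flagged_kex(AFTER))
```

The post does not say which SSH server is in use; assuming it is OpenSSH, the list the server offers is set with the `KexAlgorithms` directive in `sshd_config`.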
