Re: SSH Key Exchange Algorithm
- From: Hari Sekhon <hpsekhon@xxxxxxxxxxxxxx>
- Date: Tue, 19 Feb 2008 09:50:11 +0000
AdMon wrote:
By a vulnerability scan I've got the following issue:
Have you tried checking what algorithms your SSH server supports? Perhaps you can change the config to enable this algorithm?
Problem Description:
The Secure Shell 2 (SSH2) protocol is a presentation layer protocol used to
provide secure client-server communication.
The SSH2 protocol specification requires that a SSH2 server support the
diffie-hellman-group1-sha1 key exchange algorithm. This key exchange
algorithm is considered strong, but faces a potential weakness in that the
same prime number is used for all key exchanges.
An alternative key exchange algorithm, diffie-hellman-exchange-group-sha1,
provides enhanced security by allowing for the prime number to be specified
during key exchange.
The target SSH2 server supports the diffie-hellman-group1-sha1 algorithm.
Has anybody an idea how I can fix this issue?
Thanks for Help!
Karl
It might help if you mentioned what SSH Server you are using? OpenSSH or some proprietary one?
I've just checked the OpenSSH config and while it mentions encryption ciphers there is no mention of key exchange algorithms, perhaps it's a compile time option but I don't compile my own for production (it's unmaintainable for security) so I wouldn't know.
If not using OpenSSH, would it be possible to switch to this? If your current server doesn't support the desired algorithm and if OpenSSH does, then this would probably solve your issue. Perhaps you should scan an OpenSSH system and see if the same problem is reported, but I doubt it (also, what are you using to scan it?).
-h
--
Hari Sekhon
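
Added example, not part of the original message or of any SSH server's code: a server announces the key exchange algorithms it supports as the first name-list of its SSH_MSG_KEXINIT packet (RFC 4253, section 7.1), so checking them comes down to parsing that list and flagging the fixed-prime algorithm named in the scanner finding. The function names and the sample payload are constructed for illustration.

```python
import struct

MSG_KEXINIT = 20  # SSH_MSG_KEXINIT message number (RFC 4253)
FIXED_PRIME_KEX = {"diffie-hellman-group1-sha1"}  # algorithm named in the finding

def read_name_list(buf, off):
    """Read one RFC 4251 name-list: uint32 length, then comma-separated ASCII."""
    if off + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("name-list longer than payload")
    raw = buf[off:off + n].decode("ascii")
    return (raw.split(",") if raw else []), off + n

def parse_kexinit(payload):
    """Return kex_algorithms from a KEXINIT payload (packet framing removed)."""
    if len(payload) < 17 or payload[0] != MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    names, _ = read_name_list(payload, 17)  # skip type byte and 16-byte cookie
    return names

def audit_kex(payload):
    """List what the server offers and which entries use the fixed prime."""
    kex = parse_kexinit(payload)
    return {"offered": kex, "flagged": [k for k in kex if k in FIXED_PRIME_KEX]}

def build_kexinit(kex_names):
    """Build a constructed KEXINIT payload so the example runs offline."""
    def nl(names):
        s = ",".join(names).encode("ascii")
        return struct.pack(">I", len(s)) + s
    body = bytes([MSG_KEXINIT]) + bytes(16) + nl(kex_names)
    # Remaining lists: host key, ciphers x2, MACs x2, compression x2, languages x2
    for names in (["ssh-rsa"], ["aes128-ctr"], ["aes128-ctr"], ["hmac-sha1"],
                  ["hmac-sha1"], ["none"], ["none"], [], []):
        body += nl(names)
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample: a server offering group exchange plus the fixed groups.
SAMPLE = build_kexinit(["diffie-hellman-group-exchange-sha1",
                        "diffie-hellman-group14-sha1",
                        "diffie-hellman-group1-sha1"])

if __name__ == "__main__":
    print(audit_kex(SAMPLE))
```

To run it against a real server, feed `audit_kex` the KEXINIT payload taken from a packet capture of the handshake, which is sent in the clear before encryption starts.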