Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Theo de Raadt
>I was finally able to bring our OpenBSD based Network Management System up >to the current OS release (it was a couple of years out of date) but this >process broke access to a large number of older HP switches on our network. >Thorough analysis of the problem and study of the source code led me

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Ryan Freeman
On Fri, Nov 03, 2017 at 12:06:22AM -0400, Jacob Leifman wrote: > I was finally able to bring our OpenBSD based Network Management System up > to the current OS release (it was a couple of years out of date) but this > process broke access to a large number of older HP switches on our network. >

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Allan Streib
Chris Turner writes: > Encryption options can be selected by the client so long as they are available Which is the issue. The change to usr.bin/ssh/dh.h was: -#define DH_GRP_MIN 1024 +#define DH_GRP_MIN 2048 So the new DH_GRP_MIN value of 2048 is compiled

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Kapetanakis Giannis
On 03/11/17 15:27, Jacob Leifman wrote: >> KexAlgorithms +diffie-hellman-group1-sha1 >> Ciphers +aes128-cbc >> >> Regards >> > > Hi, > > Not quite, I have the converse problem -- using the modern ssh client and > being unable to connect to an older embedded ssh server. But your solution >

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Chris Turner
On 11/03/17 08:27, Jacob Leifman wrote: Not quite, I have the converse problem -- using the modern ssh client and being unable to connect to an older embedded ssh server. But your solution indicates that in the ssh server implementation the explicit compatibility mode actually works.

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Jacob Leifman
On Fri, Nov 3, 2017 at 9:17 AM, Solène Rapenne wrote: > On 2017-11-03 05:06, Jacob Leifman wrote: > > I was finally able to bring our OpenBSD based Network Management System up >> to the current OS release (it was a couple of years out of date) but this >> process broke access

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Jacob Leifman
On Fri, Nov 3, 2017 at 8:37 AM, Janne Johansson wrote: > 2017-11-03 5:06 GMT+01:00 Jacob Leifman >: > >> I was finally able to bring our OpenBSD based Network Management System up >> to the current OS release (it was a couple of years out

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Janne Johansson
2017-11-03 14:17 GMT+01:00 Jacob Leifman : > On Fri, Nov 3, 2017 at 8:37 AM, Janne Johansson > wrote: > >> 2017-11-03 5:06 GMT+01:00 Jacob Leifman > .org>: >> >>> >>> If your vendor, even with a <1y firmware

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Solène Rapenne
On 2017-11-03 05:06, Jacob Leifman wrote: I was finally able to bring our OpenBSD based Network Management System up to the current OS release (it was a couple of years out of date) but this process broke access to a large number of older HP switches on our network. Thorough analysis of the

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Janne Johansson
2017-11-03 13:53 GMT+01:00 Gregory Edigarov : > You should be asking HP how come they can't keep the free sshd code >> updated, >> if security is your prime concern, not ask openbsd to lower everyone else's >> security. >> >> I think for most vendors, it is a rather

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Otto Moerbeek
On Fri, Nov 03, 2017 at 02:53:53PM +0200, Gregory Edigarov wrote: > I think for most vendors, it is a rather administrative, than technical > question. > Yes, their technical people can update code, yes they can do it quick, but > their management is slow... Often, the same management is telling

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Gregory Edigarov
On 03.11.17 14:37, Janne Johansson wrote: 2017-11-03 5:06 GMT+01:00 Jacob Leifman : I was finally able to bring our OpenBSD based Network Management System up to the current OS release (it was a couple of years out of date) but this process broke access to a

Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Janne Johansson
2017-11-03 5:06 GMT+01:00 Jacob Leifman : > I was finally able to bring our OpenBSD based Network Management System up > to the current OS release (it was a couple of years out of date) but this > process broke access to a large number of older HP switches on