How do I specify the key exchange method in OpenSSH?


OpenSSH 5.7 introduced the KexAlgorithms option:

ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server
configuration to allow selection of which key exchange methods are
used by ssh(1) and sshd(8) and their order of preference.

So if you have at least that version, you should be able to pass -oKexAlgorithms=<kex_list> to specify your preferences.

AFAICT, the OpenSSH client won't actually print out what kex algorithm was negotiated, but if you pass -vv and look at the kex_parse_kexinit lines, you can see the list of kex algorithms (as well as lists of encryption, MAC, etc. algorithms) supported by the client, followed by the lists supported by the server. In theory, the client will select the first algorithm in its list that also appears in the server's list (i.e., the selection favors the client's preference). So for client list a,b,c and server list c,b, the client chooses algorithm b.
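The selection rule described in this answer, as an added example that is not part of the original answer: it parses the `kex_parse_kexinit` lines from `ssh -vv` output (client proposal first, then the server's) and applies the simple first-match rule to each list. The function names and the sample output are constructed for illustration, and the line format assumed is the older `debug2: kex_parse_kexinit: <list>` form the answer refers to.

```python
import re

# Order of the name-lists in an SSH KEXINIT message (RFC 4253, section 7.1);
# the client prints one kex_parse_kexinit line per field, its own proposal first.
FIELDS = ["kex", "hostkey", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
LINE = re.compile(r"^debug2: kex_parse_kexinit: ?(.*)$")

def parse_kexinit(debug_output):
    """Return (client, server) dicts mapping field name -> ordered list."""
    values = []
    for line in debug_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # any other debug line
        body = m.group(1).strip()
        if body.startswith(("first_kex_follows", "reserved")):
            continue  # trailing non-list fields of each proposal
        values.append([a for a in body.split(",") if a])
    if len(values) != 2 * len(FIELDS):
        raise ValueError("expected two complete KEXINIT proposals")
    n = len(FIELDS)
    return dict(zip(FIELDS, values[:n])), dict(zip(FIELDS, values[n:]))

def negotiate(client_list, server_list):
    """First entry of the client's list that the server also offers."""
    offered = set(server_list)
    return next((a for a in client_list if a in offered), None)

def negotiated(debug_output):
    client, server = parse_kexinit(debug_output)
    return {f: negotiate(client[f], server[f]) for f in FIELDS}

def _proposal(kex, cipher, mac):
    # Constructed sample lines, not captured from a real session.
    lists = [kex, "ssh-rsa", cipher, cipher, mac, mac, "none", "none", "", ""]
    lines = ["debug2: kex_parse_kexinit: " + v for v in lists]
    return lines + ["debug2: kex_parse_kexinit: first_kex_follows 0 ",
                    "debug2: kex_parse_kexinit: reserved 0 "]

SAMPLE = "\n".join(
    ["debug1: SSH2_MSG_KEXINIT sent"]
    + _proposal("diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
                "aes256-cbc,aes128-ctr", "hmac-sha1")
    + _proposal("diffie-hellman-group1-sha1,diffie-hellman-group14-sha1",
                "aes128-ctr,aes256-cbc", "hmac-sha1,hmac-md5"))

if __name__ == "__main__":
    for field, alg in negotiated(SAMPLE).items():
        print(f"{field:11} {alg}")
```

In the constructed sample the server lists group1 first, yet the result is group14 because the client's order decides.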

Author: benf

Updated on September 18, 2022

Comments

  • benf
    benf over 1 year

    I'm trying to understand how OpenSSH decides what key exchange method to use. What I don't see is how to specify the method. In addition, I know every ssh server/client is required to support at least two methods: diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1, but it's unclear to me how the server and client choose between the two, given that each program must support both. I would think that in every case diffie-hellman-group14-sha1 is used since it has the larger MODP group.

    I can specify the cipher and the MAC:

    ssh <user@ip> -c aes256-cbc -m hmac-sha1
    

    but looking in the manpages I don't see an equivalent option for the key exchange. Can someone 1) tell me a way to specify this 2) explain how ssh chooses the method? (I suspect it always picks the first in the list, meaning the second is never, ever selected)

  • benf
    benf about 10 years
    Thank you, I missed that in the man pages. My second question was more along the lines of 'why is there even a -group1- option when both group14 and group1 are REQUIRED by the RFC?' The only reason I see that group1 would get selected is if someone manually specified it.
  • jjlin
    jjlin over 8 years
    According to RFC 4253, Section 8.1, "[group1] MUST be supported for interoperability as all of the known implementations currently support it." So mainly to ensure backward compatibility at the time the RFC was written (2006), but group14 would be selected over group1 in any non-ancient client nowadays.