configure ssh2 dh-group
Description
Configures the minimal supported Diffie-Hellman group.
Syntax Description
dh-group | Configures the Diffie-Hellman group. Used for cryptographic key exchange. Higher groups are stronger. |
minimum | Configures the minimal supported Diffie-Hellman group to avoid using weaker groups. |
1 | Supports both Diffie-Hellman group 1 (1,024 bit prime) and group 14 (2,048 bit prime). This is the default option. |
14 | Supports only group 14 (2,048 bit prime). |
Default
The minimal supported Diffie-Hellman group is 1. This means that both Diffie-Hellman groups 1 and 14 are supported by default.
Usage Guidelines
OpenSSH-6.5p1 supports Diffie-Hellman group 1 and Diffie-Hellman group 14 as part of the key exchange algorithms. By default, both Diffie-Hellman group 1 and Diffie-Hellman group 14 are supported. You can configure the minimal supported Diffie-Hellman group as 14 to avoid using the weaker Diffie-Hellman group 1 in both the SSH server and client.
To revert to using both Diffie-Hellman group 1 and Diffie-Hellman group 14, set the minimal supported group to Diffie-Hellman group 1.
The server picks the first entry from the client proposal and matches it with its own proposal. If there is no match, the server picks the next entry from the client proposal and so on. If no match is found, the connection is rejected.
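The selection rule above means the client's ordering decides which group is used whenever the server still accepts group 1. The following added example (not ExtremeXOS or OpenSSH code) models that rule for the two groups this command controls; the algorithm names are the standard SSH identifiers from RFC 4253, and the function names and client proposals are constructed for illustration.

```python
# Added illustration, not vendor code: models the selection rule described
# above for the two Diffie-Hellman groups this command controls.
GROUP1 = "diffie-hellman-group1-sha1"    # 1,024 bit prime
GROUP14 = "diffie-hellman-group14-sha1"  # 2,048 bit prime


def server_groups(minimum):
    """Groups the server accepts for a given 'dh-group minimum' value."""
    if minimum == 1:
        return {GROUP1, GROUP14}   # default: both groups supported
    if minimum == 14:
        return {GROUP14}           # group 1 is no longer offered
    raise ValueError("minimum must be 1 or 14")


def negotiate(client_proposal, minimum):
    """Walk the client proposal in order and return the first entry the
    server also supports. None means the connection is rejected."""
    supported = server_groups(minimum)
    for algorithm in client_proposal:
        if algorithm in supported:
            return algorithm
    return None


# Constructed client proposals, most preferred entry first.
CLIENTS = {
    "legacy, group 1 only": [GROUP1],
    "lists group 1 first": [GROUP1, GROUP14],
    "lists group 14 first": [GROUP14, GROUP1],
}


def outcomes(minimum):
    """Negotiation result for every sample client at this minimum."""
    return {name: negotiate(proposal, minimum)
            for name, proposal in CLIENTS.items()}


if __name__ == "__main__":
    for minimum in (1, 14):
        print(f"configure ssh2 dh-group minimum {minimum}")
        for name, result in outcomes(minimum).items():
            print(f"  {name:22} -> {result or 'connection rejected'}")
```

With the default minimum of 1, a client that lists group 1 first negotiates the 1,024 bit group even though both sides support group 14; with minimum 14 the same client moves to group 14 and a group-1-only client is rejected.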
Example
The following example configures only Diffie-Hellman group 14 as the minimum supported Diffie-Hellman group.
configure ssh2 dh-group minimum 14
History
This command was first available in ExtremeXOS 22.1.
Platform Availability
This command is available on Summit X440-G2, X450-G2, X460-G2, X620, X670-G2, X770 series switches.