configure ssh2 dh-group

configure ssh2 dh-group minimum [1 | 14]

Description

Configures the minimal supported Diffie-Hellman group.

Syntax Description

dh-group Configures the Diffie-Hellman group. Used for cryptographic key exchange. Higher groups are stronger.
minimum Configures minimal supported Diffie-Hellman group to avoid using weaker groups.
1

Supports both Diffie-Hellman group 1 (1,024 bit prime) and group 14 (2,048 bit prime).

This is the default option.

14 Supports only group 14 (2,048 bit prime).

Default

The minimal supported Diffie-Hellman group is 1. That indicates both Diffie-Hellman groups 1 and 14 are supported by default.

Usage Guidelines

Openssh-6.5p1 supports Diffie-Hellman group 1 and Diffie-Hellman group 14 as part of the key exchange algorithms. By default, both Diffie-Hellman group 1 and Diffie-Hellman group14 are supported. You can configure the minimal supported Diffie-Hellman group as 14 to avoid using the weaker Diffie-Hellman group 1 in both the SSH server and client.

To revert back to using both Diffie-Hellman group 1 and Diffie-Hellman group 14, set the minimal support group to Diffie-Hellman group1.

The server picks the first entry from the client proposal and matches it with its own proposal. If there is no match, the server picks the next entry from the client proposal and so on. If no match is found, the connection is rejected.

Example

The following example configures only Diffie-Hellman group 14 as the minimum supported Diffie-Hellman group.

configure ssh2 dh-group minimum 14

History

This command was first available in ExtremeXOS 22.1.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.