Configures the minimum supported Diffie-Hellman group.
dh-group | Configures the Diffie-Hellman group. Used for cryptographic key exchange. Higher groups are stronger. |
minimum | Configures the minimum supported Diffie-Hellman group to avoid using weaker groups. |
1 | Supports Diffie-Hellman group 1 (1,024 bit), 14 (2,048 bit), 16 (4,096 bit), and 18 (8,192 bit). |
14 | Supports group 14 (2,048 bit), 16 (4,096 bit), and 18 (8,192 bit). Default. |
16 | Supports Diffie-Hellman group 16 (4,096 bits) and 18 (8,192 bits). |
18 | Supports only Diffie-Hellman group 18 (8,192 bits). |
By default, the minimum supported Diffie-Hellman group is 14, so Diffie-Hellman groups 14, 16, and 18 are supported.
OpenSSH 7.5p1 supports Diffie-Hellman groups 1, 14, 16, and 18 as part of its key exchange algorithms. By default, Diffie-Hellman groups 14, 16, and 18 are supported.
To revert to using Diffie-Hellman group 1 (in addition to Diffie-Hellman groups 14, 16, and 18), set the minimum supported group to Diffie-Hellman group 1.
The server picks the first entry from the client proposal and matches it with its own proposal. If there is no match, the server picks the next entry from the client proposal and so on. If no match is found, the connection is rejected.
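The matching rule described above can be modelled in a few lines to see which clients each minimum value admits. This is an added example, not ExtremeXOS or OpenSSH code. It assumes the standard SSH key exchange method names for the fixed groups (the page does not list the names the switch offers) and ignores any non-Diffie-Hellman methods a real proposal may contain. The client proposals are constructed samples.

```python
# Added illustration: models the negotiation described above. Not ExtremeXOS code.
# Bit sizes and the 1/14/16/18 minimum values come from the page.
GROUP_BITS = {1: 1024, 14: 2048, 16: 4096, 18: 8192}

# Assumption: standard SSH KEX method names; the page does not state which
# names the switch advertises for each group.
KEX_GROUP = {
    "diffie-hellman-group1-sha1": 1,
    "diffie-hellman-group14-sha1": 14,
    "diffie-hellman-group14-sha256": 14,
    "diffie-hellman-group16-sha512": 16,
    "diffie-hellman-group18-sha512": 18,
}

def server_proposal(minimum=14):
    """KEX methods the server offers for a given 'dh-group minimum' value."""
    if minimum not in GROUP_BITS:
        raise ValueError("minimum must be one of 1, 14, 16, 18")
    return [name for name, group in KEX_GROUP.items() if group >= minimum]

def negotiate(client_proposal, minimum=14):
    """Walk the client's list in order; first entry the server also offers wins."""
    offered = set(server_proposal(minimum))
    for name in client_proposal:
        if name in offered:
            return name
    return None  # no common method: the connection is rejected

# Constructed sample client proposals (hypothetical clients).
CLIENTS = {
    "legacy": ["diffie-hellman-group1-sha1"],
    "mixed": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
              "diffie-hellman-group16-sha512"],
    "modern": ["diffie-hellman-group18-sha512", "diffie-hellman-group16-sha512",
               "diffie-hellman-group14-sha256"],
}

if __name__ == "__main__":
    for minimum in (1, 14, 16, 18):
        for label, proposal in CLIENTS.items():
            result = negotiate(proposal, minimum)
            print(f"minimum {minimum:>2}  {label:<6}  {result or 'REJECTED'}")
```

Because the client's ordering decides the match, a minimum of 1 lets the "mixed" client land on group 1 even though both sides support stronger groups. Raising the minimum removes that outcome, at the cost of rejecting clients that offer nothing at or above it.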
The following example configures Diffie-Hellman group 16 as the minimum supported Diffie-Hellman group.
configure ssh2 dh-group minimum 16
This command was first available in ExtremeXOS 22.1.
Support for Diffie-Hellman groups 16 and 18 was added in ExtremeXOS 22.5.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.