configure ssh2 dh-group

configure ssh2 dh-group minimum [1 | 14 | 16 | 18]

Description

Configures the minimal supported Diffie-Hellman group.

Syntax Description

dh-group Configures the Diffie-Hellman group. Used for cryptographic key exchange. Higher groups are stronger.
minimum Configures minimal supported Diffie-Hellman group to avoid using weaker groups.
1

Supports Diffie-Hellman group 1 (1,024 bit), 14 (2,048 bit), 16 (4,096 bit), and 18 (8,192 bit).

14 Supports group 14 (2,048 bit), 16 (4,096 bit), and 18 (8,192 bit). Default.
16 Supports Diffie-Hellman group 16 (4,096 bits) and 18 (8,192 bits).
18 Supports only Diffie-Hellman group 18 (8,192 bits).

Default

The minimal supported Diffie-Hellman group is 14. This means that Diffie-Hellman groups 14, 16, and 18 are supported by default.

Usage Guidelines

Openssh-7.5p1 supports Diffie-Hellman group 1, 14, 16, and 18 as part of the key exchange algorithms. By default, Diffie-Hellman group 14, 16, and 18 are supported.

To revert back to using Diffie-Hellman group 1 (in addition to Diffie-Hellman group 14, 16, and 18), set the minimal support group to Diffie-Hellman group1.

The server picks the first entry from the client proposal and matches it with its own proposal. If there is no match, the server picks the next entry from the client proposal and so on. If no match is found, the connection is rejected.

Example

The following example configures Diffie-Hellman group 16 as the minimum supported Diffie-Hellman group.

configure ssh2 dh-group minimum 16

History

This command was first available in ExtremeXOS 22.1.

Support for Diffie-Hellman groups 16 and 18 was added in ExtremeXOS 22.5.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.