configure ssh2 dh-group
Description
Configures the minimal supported Diffie-Hellman group.
Syntax Description
dh-group | Configures the Diffie-Hellman group. Used for cryptographic key exchange. Higher groups are stronger. |
minimum | Configures minimal supported Diffie-Hellman group to avoid using weaker groups. |
1 | Supports Diffie-Hellman group 1 (1,024 bit), 14 (2,048 bit), 16 (4,096 bit), and 18 (8,192 bit). |
14 | Supports group 14 (2,048 bit), 16 (4,096 bit), and 18 (8,192 bit). Default. |
16 | Supports Diffie-Hellman group 16 (4,096 bits) and 18 (8,192 bits). |
18 | Supports only Diffie-Hellman group 18 (8,192 bits). |
Default
The minimal supported Diffie-Hellman group is 14. This means that Diffie-Hellman groups 14, 16, and 18 are supported by default.
Usage Guidelines
OpenSSH 7.5p1 supports Diffie-Hellman groups 1, 14, 16, and 18 as part of the key exchange algorithms. By default, Diffie-Hellman groups 14, 16, and 18 are supported.
To revert to using Diffie-Hellman group 1 (in addition to Diffie-Hellman groups 14, 16, and 18), set the minimum supported group to Diffie-Hellman group 1.
The server picks the first entry from the client proposal and matches it with its own proposal. If there is no match, the server picks the next entry from the client proposal and so on. If no match is found, the connection is rejected.
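The matching rule above, combined with the minimum setting from the syntax table, as an added Python sketch (not ExtremeXOS or OpenSSH code). The key exchange method names are the standard SSH ones from RFC 4253 and RFC 8268 and are an assumption, since this page does not list the names the switch advertises; the client proposals are constructed.

```python
# Added illustration; not ExtremeXOS or OpenSSH source code.
# Groups enabled for each "dh-group minimum" value, per the syntax table.
GROUPS_BY_MINIMUM = {
    1: (1, 14, 16, 18),
    14: (14, 16, 18),
    16: (16, 18),
    18: (18,),
}

# Assumption: standard SSH KEX method names (RFC 4253, RFC 8268) per group.
# The exact names the switch advertises are not listed on this page.
KEX_NAMES = {
    1: ("diffie-hellman-group1-sha1",),
    14: ("diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"),
    16: ("diffie-hellman-group16-sha512",),
    18: ("diffie-hellman-group18-sha512",),
}


def server_proposal(minimum):
    """Return the KEX names a server would accept for a given minimum."""
    if minimum not in GROUPS_BY_MINIMUM:
        raise ValueError("minimum must be 1, 14, 16, or 18")
    return [name for g in GROUPS_BY_MINIMUM[minimum] for name in KEX_NAMES[g]]


def negotiate(client_proposal, minimum):
    """Walk the client proposal in order; return the first entry the server
    also supports, or None when nothing matches (connection rejected)."""
    allowed = set(server_proposal(minimum))
    for name in client_proposal:
        if name in allowed:
            return name
    return None


if __name__ == "__main__":
    # Constructed client proposals.
    legacy = ["diffie-hellman-group1-sha1"]
    mixed = ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha256",
             "diffie-hellman-group16-sha512"]
    for minimum in (1, 14, 16, 18):
        print(minimum, negotiate(legacy, minimum), negotiate(mixed, minimum))
```

Because the client's ordering decides the result, a client that lists group 1 first negotiates group 1 whenever the minimum is set to 1, even though stronger groups are enabled on both sides.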
Example
The following example configures Diffie-Hellman group 16 as the minimum supported Diffie-Hellman group.
configure ssh2 dh-group minimum 16
History
This command was first available in ExtremeXOS 22.1.
Support for Diffie-Hellman groups 16 and 18 was added in ExtremeXOS 22.5.
Platform Availability
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.