LinuxQuestions.org - Tectia 5.2 version

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - Tectia 5.2 version (https://www.linuxquestions.org/questions/linux-newbie-8/tectia-5-2-version-4175605655/)

Tectia 5.2 version

Hello everybody. First time I'm dealing with tectia. The problem is I'm not sure where to define key exchange algorithm. I don't want tectia use Diffie-Helman-group1-sha1 KEx. But where to configure it?

This is output from SSH with -vv:

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss...00@openssh.com,ssh-rsa,ssh-dss

I would assume because of KEx is not defined, it uses group14-sha1 and group-sha1 by default.

How can I remove Diffie-Helman-group1-sha1?

Thank you,

Regards.

PS:

[root@]# rpm -qa | grep tectia
ssh-tectia-server-5.2.0-364.i386
ssh-tectia-common-5.2.0-364.i386

Quote:

Originally Posted by subkg (Post 5708756)

Well, without knowing what version/distro of Linux you're using, it makes it harder to help you. That said...this particular piece of software is a commercial, pay for product, which gets you support:
https://www.ssh.com/products/support/

...and the configuration options are listed in the documentation:
https://www.ssh.com/manuals/

Since you're having problems with a particular piece of commercial software, the best thing to do would be to use the support you're paying for, and ask them. The stock SSH that comes with pretty much every distro of Linux is typically updated and secure. Any particular reason you're going with something else?

Quote:

Originally Posted by TB0ne (Post 5711369)

Sorry for not mentioning the Linux distro - it's RedHat 6.9. Well, it's my client server and it takes time to get support involved here I think. The reason is, that installed Tectia is using outdated Diffie-Helman-group1-sha1 key exchange method.

Quote:

Originally Posted by subkg (Post 5711549)

Sorry for not mentioning the Linux distro - it's RedHat 6.9. Well, it's my client server and it takes time to get support involved here I think.

RHEL 6.9 and Tectia are both products you pay for and as such, you pay for the support. Support from both, even at the lowest tier, is normal business hours, five days a week. Should be zero problems getting support involved.

Quote:

The reason is, that installed Tectia is using outdated Diffie-Helman-group1-sha1 key exchange method.

So then use the stock SSH that comes with RHEL.

Quote:

Originally Posted by TB0ne (Post 5711559)

Ok......I personally don't pay for anything, my customer does. My question is - is there any chance, to change the key exchange method in the Tectia 5.2 or not? If you know how, please advice. Thank you, I appreciate it.

Quote:

Originally Posted by subkg (Post 5712023)

Ok......I personally don't pay for anything, my customer does.

Understand that, and you've said that before. And no matter WHO pays, support is being paid for. Call them...if your customer has tasked you to fix this, then get their support contract ID's, and make the call.

Quote:

My question is - is there any chance, to change the key exchange method in the Tectia 5.2 or not? If you know how, please advice.

Again: if you have questions about the Tectia product, you need to call them and/or read their documentation...there isn't another answer. While I could go digging through the documentation on their product (which I have handed you a link to previously), since this is your job, that is your responsibility.

Either use the stock SSH and contact Red Hat support for assistance with it, or call Tectia support, and ask them how to modify their product. However, before calling RHEL support, be aware that there is ample documentation on how to specify the key exchange method for openSSH.