LinuxQuestions.org


sang_froid 05-11-2011 03:16 PM

SSHD warning - using fixed modulus
 
Hi,

I am running a fresh installation of a RHEL 6 box and it shipped with OpenSSH 5.3.

But the /etc/ssh/moduli file doesn't exist even in this new installation, and the SSH log warns as below:

WARNING: /etc/ssh/moduli does not exist, using fixed modulus

Does this imply that it is using the same random number for key exchange purposes? Also, does it impose any security risks?

Any ideas?

sundialsvcs 05-12-2011 09:01 AM

See: man moduli.

The "Diffie-Hellman Key Exchange" is that point in the initial negotiation process where the two parties ("Alice" and "Bob") use public-key cipher techniques to negotiate and agree upon a random symmetric-cipher key that they will (initially...) use in their upcoming conversation. Part of that technique involves the use of large prime numbers. Some suitable numbers are built-in ("fixed"), but the moduli file allows you to pre-compute a list of candidate primes from which to randomly choose. I am not technically qualified to say what the total ramifications might be. But my uneducated opinion is that it is a choice between "strong," and "stronger yet."
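
An added example, not part of the original thread: a shell function that checks for the file named in the warning and, when it exists, counts entries per modulus size using the field layout documented in moduli(5). The names `moduli_summary` and `moduli_sample`, the "usable" filter and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Summarise a moduli file, format per moduli(5):
#   timestamp type tests trials size generator modulus
# Output: one line per size, "<size> <usable> <total>", sorted by size.
# "usable" is this example's filter (an assumption, not sshd's code):
# type 2 (safe prime), tests non-zero and without the 0x01 composite bit.
moduli_summary() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1 (the condition behind the fixed-modulus warning)" >&2
        return 2
    fi
    awk '
        $1 ~ /^#/ || NF == 0 { next }           # comments, blank lines
        NF != 7 || $5 !~ /^[0-9]+$/ { next }    # malformed entries
        {
            total[$5]++
            if ($2 == 2 && $3 > 0 && $3 % 2 == 0) usable[$5]++
        }
        END { for (s in total) print s, usable[s] + 0, total[s] }
    ' "$1" | sort -n
}

# Constructed sample entries; the moduli are shortened placeholders,
# not real primes.
moduli_sample() {
    cat <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20110511000000 2 6 100 1023 2 DEADBEEF
20110511000001 2 6 100 1023 5 DEADBEF7
20110511000002 4 6 100 1023 2 CAFEBABF
20110511000003 2 1 100 2047 2 F00DF00D
20110511000004 2 6 100 2047 2 F00DF00F
truncated line
EOF
}

# When a path is given on the command line, summarise that file,
# e.g.  sh moduli_summary.sh /etc/ssh/moduli
if [ $# -gt 0 ]; then
    moduli_summary "$1"
fi
```

An exit status of 2 means the file could not be read, which is the situation the poster's log line reports.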

NyteOwl 05-12-2011 03:33 PM

Not that you shouldn't ask here, but you paid for RHEL because it includes support. What did RH have to say?

