Hi,

I am running a fresh installation of RHEL 6 box and it shipped with Openssh 5.3.

But, /etc/ssh/moduli file doesn't exist even in this new installation and the SSH log warns as below:

Does this imply that it is using the same random number for key exchange purpose ? Also, does it impose any security risks ??

Any ideas ???

See: man moduli.

The "Diffie-Hellman Key Exchange" is that point in the initial negotiation process where the two parties ("Alice" and "Bob") use public-key cipher techniques to negotiate and agree upon a random symmetric-cipher key that they will (initially...) use in their upcoming conversation. Part of that technique involves the use of large prime numbers. Some suitable numbers are built-in ("fixed"), but the moduli file allows you to pre-compute a list of candidate primes from which to randomly choose. I am not technically qualified to say what the total ramifications might be. But my uneducated opinion is that it is a choice between "strong," and "stronger yet."

Not that you shouldn't ask here, but you paid for RHEL because it includes support. WHat did RH have to say?