Karen Lewellen wrote: > 1. > I am not using Linux, but an ssh client compiled from a combination of > tools, Linux and otherwise, including putty. > I have been very firm in not stating that I use Linux at all.
Kind of a bad move, what with this being a Debian (Linux) mailing list. Lot of wasted effort would've been saved. > In fact the first sentence of my question stated that while the issue is > complex, the question, where dh keys are generated, was simple. They're generated on the fly at the time of connection. The server and client each (should) have a "moduli" file somewhere, where they can seed the DH key generation from (in whichever version of Debian I'm running on this test box, it happens to be /etc/ssh/moduli) > 2. I can state firmly that the port number has absolutely a great deal > to do with my issue. You can say that til you're blue in the face, it doesn't make you correct though. As I said before, the selection of a standard vs. nonstandard port for ssh (or, any service for that matter) has no bearing on the Diffie-Hellman Key Exchange portion of the handshake. > best evidence? your getting this e-mail at all. I assume you mean to imply that you're ssh'd into some remote host and it just so happens to be running a service on a nonstandard port. See above for the refutation of this claim. > I am writing using a shell service that uses Ubuntu 16.04 as its > platform...same as dreamhost. > we do not use port 22 here, and I can use my ssh client to reach my > workspace..doing such as we speak.. > Likewise an associate who hosts their own servers created a temp account > for me, using port 4460...worked perfectly. > I respect other factors might be involved, but my goal is the swiftest > solution that lets us move our services from dreamhost somewhere else to > which I can ssh from my desktop/ > If choosing a location with a port other than 22 solves the issue, it is > good enough for me. The thing is, it's NOT the selection of the port that's making it work (or not) - it's a difference between your SSH client and the server's acceptable range for key moduli. For Openssh 6.7p1 DH_GRP_MIN 1024 DH_GRP_MAX 8192 For Openssh 7.4 DH_GRP_MIN 2048 DH_GRP_MIN 8192 Since you're running a series of ssh clients (? ... or a amalgamation of all of them ...?), it's up to you to check the various changelogs of them to see if you need updates (or if they've been abandoned or ... ) -- |_|O|_| Registered Linux user #585947 |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
