Looking at the openssh source code:
#define _PATH_DH_MODULI                 SSHDIR "/moduli"
/* Backwards compatibility */
#define _PATH_DH_PRIMES                 SSHDIR "/primes"


Both paths are defined, with primes being a legacy/compat one.
Ubuntu only uses the current default /moduli path.

These are documented in ssh-keygen; you can see the manpage over here
too:
http://manpages.ubuntu.com/manpages/xenial/en/man1/ssh-keygen.1.html#contenttoc3

Note, openssh supports and can be forced to use more combinations on
client <-> server than available in the moduli, hence the caveat as per
manpage. If one needs moduli beyond what's available in /moduli path,
one may need to generate extra ones.

Nonetheless, please provide information as to how to reproduce this
error: ssh client in use, ssh server in use, and version details of both
client and server, ideally including architecture and exact package
version numbers. The combined metadata on this bug report is
inconsistent, and I'm failing to reproduce the described errors.

** Changed in: openssh (Ubuntu)
       Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1528251

Title:
  WARNING: no suitable primes in /etc/ssh/primes

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  For instance when the KexAlgorithms option in sshd_config is set to
  include Diffie Hellman group exchange (e.g.
  diffie-hellman-group-exchange-sha256), and the /etc/ssh/moduli file is
  regenerated to include only 4096 bit primes, the ssh server may log
  the above warning message to /var/log/auth.log, probably because the
  ssh client trying to log in does not allow for the use of 4096 bit
  primes during the key exchange. The alleged problem is the reference
  to /etc/ssh/primes instead of /etc/ssh/moduli. It would appear that
  the file /etc/ssh/primes is neither used by ssh server, nor
  documented.

  I note that this error appears to have been reported in several places
  on the web in the past years, but to no avail (e.g.
  http://misc.openbsd.narkive.com/tZPNEoZk/no-suitable-primes)

  
  Release: Ubuntu 14.04.3 LTS
  Package: openssh-server, Version: 1:6.6p1-2ubuntu2.3
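
The situation in the bug description, as an added example (not part of the original report and not OpenSSH code): a Python check that parses moduli(5)-format text and reports whether any group falls inside the min..max window a client sends in its group-exchange request (RFC 4419). The sample lines, placeholder modulus values and client ranges are constructed, and the size column is assumed to hold bits minus one, as in stock moduli files.

```python
from collections import Counter

# Constructed sample in moduli(5) column order:
# time type tests trials size generator modulus
# The modulus values are short placeholders, not real primes.
SAMPLE_MODULI = """\
# Time Type Tests Tries Size Generator Modulus
20151221000000 2 6 100 4095 2 C0FFEE01
20151221000001 2 6 100 4095 5 C0FFEE02
this line is malformed and must be skipped
"""


def moduli_sizes(text):
    """Count usable entries per group size in bits."""
    sizes = Counter()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 7 or not fields[4].isdigit():
            continue  # not a well-formed moduli entry
        # Assumption: the size column holds bits - 1 (4095 for a 4096-bit
        # group), as in stock moduli files.
        sizes[int(fields[4]) + 1] += 1
    return sizes


def usable_sizes(sizes, client_min, client_max):
    """Group sizes the file can offer inside the client's min..max window."""
    return sorted(b for b in sizes if client_min <= b <= client_max)


def report(text, client_min, client_max):
    """One-line verdict for a moduli file and one client request."""
    fits = usable_sizes(moduli_sizes(text), client_min, client_max)
    if fits:
        return "ok: can serve %s-bit groups" % ", ".join(map(str, fits))
    return "no suitable primes for client range %d..%d" % (client_min, client_max)


if __name__ == "__main__":
    # Constructed client requests: one capped at 2048 bits, one allowing 8192.
    for lo, hi in ((1024, 2048), (2048, 8192)):
        print(report(SAMPLE_MODULI, lo, hi))
```

Passing the contents of a regenerated /etc/ssh/moduli to report() before restarting sshd shows which client windows the file can no longer satisfy.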
