[Bug 1528251] Re: WARNING: no suitable primes in /etc/ssh/primes
Alexander
bitbucket at mailbox.org
Tue Mar 22 21:09:25 UTC 2016
Apologies for my late response. I am running different software now, but
the 'bug' is still present. I can currently reproduce it as follows:
Server: openssh-server Version: 1:6.9p1-2ubuntu0.1, Architecture amd64 on Ubuntu 15.10 (wily)
Client: Prompt 2 v2.5.2 (Build 23057) on iOS 9.2.1 (see https://panic.com/prompt/)
My /etc/ssh/sshd_config mentions:
> KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
When my /etc/ssh/moduli is generated to contain only 4096 bit primes,
and I log in from my iPad using Prompt 2, the server logs the following
message in /var/log/auth.log:
Mar 22 21:47:40 srv01 sshd[28876]: WARNING: no suitable primes in /etc/ssh/primes
The file /etc/ssh/primes does not exist on the server system; neither is
it mentioned in the (FILES section of the) sshd(8) manpage, which,
incidentally, does mention /etc/ssh/moduli. - The above message is not
logged in case /etc/ssh/moduli is generated to contain all of 2048, 3072
and 4096 bit primes.
I hope the report is now as complete as it should be. In case I find
other ways to reproduce the error, I will let you know.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1528251
Title:
WARNING: no suitable primes in /etc/ssh/primes
Status in openssh package in Ubuntu:
Incomplete
Bug description:
For instance when the KexAlgorithms option in sshd_config is set to include Diffie Hellman group exchange (e.g. diffie-hellman-group-exchange-sha256), and the /etc/ssh/moduli file is regenerated to include only 4096 bit primes, the ssh server may log the above warning message to /var/log/auth.log, probably because the ssh client trying to log in does not allow for the use of 4096 bit primes during the key exchange. The alleged problem is the reference to /etc/ssh/primes instead of /etc/ssh/moduli. It would appear that the file /etc/ssh/primes is neither used by ssh server, nor documented.
I note that this error appears to have been reported in several places
on the web in the past years, but to no avail (e.g.
http://misc.openbsd.narkive.com/tZPNEoZk/no-suitable-primes)
Release: Ubuntu 14.04.3 LTS
Package: openssh-server, Version: 1:6.6p1-2ubuntu2.3
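
The following is an added example, not part of the original report or of OpenSSH: a simplified model of the condition the report suspects, where no entry in the moduli file falls inside the size range a client requests for group exchange. The sample moduli entries, the client request (1024, 2048, 3072) and the function names are constructed or hypothetical; the selection rule is an approximation that only looks at the size column.

```python
from collections import Counter

# Constructed sample data in moduli(5) layout:
#   time type tests trials size generator modulus
# The modulus hex is shortened; real entries are hundreds of digits long.
ONLY_4096 = """\
20160322000000 2 6 100 4095 2 C0FFEE01
20160322000001 2 6 100 4095 5 C0FFEE02
"""
MIXED = """\
20160322000000 2 6 100 2047 2 C0FFEE03
20160322000001 2 6 100 3071 2 C0FFEE04
20160322000002 2 6 100 4095 2 C0FFEE05
"""

def moduli_sizes(text):
    """Count well-formed entries per group size in bits."""
    sizes = Counter()
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and malformed lines.
        if len(fields) != 7 or fields[0].startswith("#") or not fields[4].isdigit():
            continue
        # The size column holds bit length minus one (4095 means 4096 bits).
        sizes[int(fields[4]) + 1] += 1
    return sizes

def pick_group_size(text, min_bits, want_bits, max_bits):
    """Simplified model of the server's choice for one client request.

    Returns the chosen size in bits, or None when no entry falls inside
    [min_bits, max_bits], the situation the warning in this report describes.
    """
    in_range = sorted(s for s in moduli_sizes(text) if min_bits <= s <= max_bits)
    if not in_range:
        return None
    at_or_above = [s for s in in_range if s >= want_bits]
    return at_or_above[0] if at_or_above else in_range[-1]

if __name__ == "__main__":
    # Hypothetical client request; the report does not state the real values.
    request = (1024, 2048, 3072)
    for name, text in (("4096-only", ONLY_4096), ("mixed", MIXED)):
        print(name, dict(moduli_sizes(text)), "->", pick_group_size(text, *request))
```

To audit a real server, pass the contents of /etc/ssh/moduli as the text argument and try the ranges your clients are known to request.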