[Bug 1528251] Re: WARNING: no suitable primes in /etc/ssh/primes

Alexander bitbucket at mailbox.org
Tue Mar 22 21:09:25 UTC 2016 

Apologies for my late response. I am running different software now, but
the 'bug' is still present.  I can currently reproduce it as follows:

Server: openssh-server Version: 1:6.9p1-2ubuntu0.1, Architecture amd64 on Ubuntu 15.10 (wily)
Client: Prompt 2 v2.5.2 (Build 23057) on IOS 9.2.1 (see https://panic.com/prompt/)

My /etc/ssh/sshd_config mentions:
> KexAlgorithms   curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256

When my /etc/ssh/moduli is generated to contain only 4096 bit primes,
and I log in from my iPad using Prompt 2, the server logs the following
message in /var/log/auth.log:

Mar 22 21:47:40 srv01 sshd[28876]: WARNING: no suitable primes in
/etc/ssh/primes

The file /etc/ssh/primes does not exist on the server system; neither is
it mentioned in the (FILES section of the) sshd(8) manpage, which,
incidentally, does mention /etc/ssh/moduli. - The above message is not
logged in case /etc/ssh/moduli is generated to contain all of 2048, 3072
and 4096 bit primes.

I hope the report is now as complete as it should be. In case I find
other ways to reproduce the error, I will let you know.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1528251

Title:
  WARNING: no suitable primes in /etc/ssh/primes

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  
  For instance when the KexAlgorithms option in sshd_config is set to include Diffie Hellman group exchange (e.g. diffie-hellman-group-exchange-sha256), and the /etc/ssh/moduli file is regenerated to include only 4096 bit primes, the ssh server may log the above warning message to /var/log/auth.log, probably because the ssh client trying to log in does not allow for the use of 4096 bit primes during the key exchange. The alleged problem is the reference to /etc/ssh/primes instead of /etc/ssh/moduli. It would appear that the file /etc/ssh/primes is neither used by ssh server, nor documented.

  I note that this error appears to have been reported in several places
  on the web in the past years, but to no avail (e.g.
  http://misc.openbsd.narkive.com/tZPNEoZk/no-suitable-primes)

  
  Release: Ubuntu 14.04.3 LTS
  Package: openssh-server, Version: 1:6.6p1-2ubuntu2.3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1528251/+subscriptions

More information about the foundations-bugs mailing list