FAQ: Problem accessing the ForumOS CLI with OpenSSH

Administrators using newer OpenSSH implementations for connecting to the ForumOS CLI may receive an error similar to:

DH GEX group out of range

This error was received with OpenSSH version 7.2p2.

 

Cause:

With latest releases of OpenSSH, the minimum key size is now 1536 for the server.  With Sentry v8.1, 8.3, and 8.5 the default SSH key used for the CLI is 1024.

 

Workaround:

It is possible to modify the key exchange algorithm by adding this to the command line of openssh: -o KexAlgorithms=diffie-hellman-group14-sha1

Example: ssh -v -o KexAlgorithms=diffie-hellman-group14-sha1 admin1@10.1.2.3

 

Future releases of Sentry will use a larger default key to avoid this problem.

0 Comments

Article is closed for comments.