Administrators using newer OpenSSH implementations for connecting to the ForumOS CLI may receive an error similar to:
DH GEX group out of range
This error was received with OpenSSH version 7.2p2.
Cause:
With latest releases of OpenSSH, the minimum key size is now 1536 for the server. With Sentry v8.1, 8.3, and 8.5 the default SSH key used for the CLI is 1024.
Workaround:
It is possible to modify the key exchange algorithm by adding this to the command line of openssh: -o KexAlgorithms=diffie-hellman-group14-sha1
Example: ssh -v -o KexAlgorithms=diffie-hellman-group14-sha1 admin1@10.1.2.3
Future releases of Sentry will use a larger default key to avoid this problem.
0 Comments