fatal: DH_GEX_REQUEST, bad parameters: 2048 !< 1024 !< 8192

  • A+
Categories:Linux

These days got an issue that some AIX servers could not access one Linux server:

------@------:/home/------/.ssh$ssh 192.168.3.66
Connection closed by 192.168.3.66

(I removed the hostname and username).

From the ssh server, I found more detail reason:

sshd[17834]: fatal: DH_GEX_REQUEST, bad parameters: 2048 !< 1024 !< 8192

Also could verify such error from the client side:

------@------:/home/------/.ssh$ssh -vvv 192.168.3.66
OpenSSH_6.0p1, OpenSSL 1.0.2m  2 Nov 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): Could not load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
System error: No such file or directory

debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.3.66 [192.168.3.66] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/------/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/------/.ssh/id_rsa type 1
debug1: identity file /home/------/.ssh/id_rsa-cert type -1
debug1: identity file /home/------/.ssh/id_dsa type -1
debug1: identity file /home/------/.ssh/id_dsa-cert type -1
debug1: identity file /home/------/.ssh/id_ecdsa type -1
debug1: identity file /home/------/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.3.66" from file "/home/------/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 192.168.3.66

I found below useful note from Novell:

ssh and sftp client failures after updating openssh package

And I knew the OpenSSH was upgraded within several months on these AIX servers, so this issue should be an compatibility issue as the client only accepted host key at least 2048 bits or more while the server with lower version and preferred 1024 bit.

One workaround was using parameter KexDHMin or KexAlgorithms. On AIX I have to use the latter one as it is the only supported one.

------@------:/home/------/.ssh$ssh -o KexAlgorithms=diffie-hellman-group14-sha1 192.168.3.66
The authenticity of host '192.168.3.66 (192.168.3.66)' can't be established.
RSA key fingerprint is 79:96:b8:4b:cc:74:35:71:1b:a4:0a:80:3d:3e:7b:e7.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.

(I input 'no' just for test purpose.)

If I have many clients, I have to do such modify on everyone of them, so this way is not so good.

I read many documents and found this issue maybe could be fixed by enabled more Key Exchange Algorithms on the ssh server.

From the man page of ssh_config on the AIX clients:

          KexAlgorithms
               Specifies the available KEX (Key Exchange) algorithms.
               Multiple algorithms must be comma-separated.  The
	       default is:

               ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
               diffie-hellman-group-exchange-sha256,
               diffie-hellman-group-exchange-sha1,
               diffie-hellman-group14-sha1,
               diffie-hellman-group1-sha1

While on the server:

     KexAlgorithms
             Specifies the available KEX (Key Exchange) algorithms.  Multiple algorithms must be comma-separated.  The default is
             “diffie-hellman-group-exchange-sha256”, “diffie-hellman-group-exchange-sha1”, “diffie-hellman-group14-sha1”,
             “diffie-hellman-group1-sha1”.

The version of the ssh server is 5.3, so it should be able to support ECDH key exchange method, and I learned how to do it from the KDB on the RedHat:

How to use ECDSA and ECDH with openssh on Red Hat Enterprise Linux 6?

The steps were not complicate:

[root@------ ssh]# ssh-keygen -t ecdsa -b 384 -f /etc/ssh/ssh_host_ecdsa_key
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
The key fingerprint is:
0d:10:6b:37:ef:ea:71:0d:48:62:06:9f:0b:b5:c6:6e root@------
The key's randomart image is:
+--[ECDSA  384]---+
|    . +.         |
|     = =         |
|    . % =        |
|     B = *       |
|      E S +      |
|     .   . o     |
|        . o .    |
|         +       |
|       .o        |
+-----------------+
[root@------ ssh]# ssh-keygen -y -f ./ssh_host_ecdsa_key
ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMdMOt813mc1t69195qvFQUAK2CdM9ImXwnfHxiOuC4dDOBmtJ/vqGXPlssuC25VUVAx/lXsk1hYInqmMJD0SNdEyUTPpcpXknhZS37LtoRwdOXDTVJ9HHpI/2b4yeJKdw==
[root@------ ssh]# chmod 640 /etc/ssh/ssh_host_ecdsa_key
[root@------ ssh]# chmod 640 /etc/ssh/ssh_host_ecdsa_key.pub
[root@------ ssh]# chcon -t sshd_key_t /etc/ssh/ssh_host_ecdsa_key*
chcon: can't apply partial context to unlabeled file `/etc/ssh/ssh_host_ecdsa_key'
chcon: can't apply partial context to unlabeled file `/etc/ssh/ssh_host_ecdsa_key.pub'

Then made a backup of /etc/ssh/sshd_config and added below line to it:

 KexAlgorithms ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

We could confirm this change:

[root@------ ssh]# diff sshd_config.bak sshd_config
138a139,140
>
> KexAlgorithms ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[root@------ ssh]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

Then connected it from the client:

------@------:/home/------/.ssh$ssh 192.168.3.66
The authenticity of host '192.168.3.66 (192.168.3.66)' can't be established.
RSA key fingerprint is 79:96:b8:4b:cc:74:35:71:1b:a4:0a:80:3d:3e:7b:e7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.66' (RSA) to the list of known hosts.
------@192.168.3.66's password:
Last login: Fri Mar 23 22:08:56 2018 from 192.168.1.43

***   Access to and use of this system is strictly restricted    ***
***             to explicitly authorized persons.                ***
***     Any violation is prohibited and will be prosecuted.      ***

So it did work. :)

Comment

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: