Add key exchange algorithm diffie-hellman-group-exchange-sha256

[dkocher]

Currently only diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1 is implemented.

[dkocher]

Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol

[dkocher]

Refer also to Specifications implemented by OpenSSH.

[grkvlt]

Any progress on this? It is becoming an issue due to many SSH servers deprecating support for the SHA-1 algorithm, so we cannot connect to them. How much work would be involved adding this support?

[hierynomus]

No progress on this yet. From what I read the flow for this exhange
algorithm seems different from the current ones. This might mean it's a
"big" refactoring.

2015-05-09 0:24 GMT+02:00 Andrew Donald Kennedy [email protected]:

Any progress on this? It is becoming an issue due to many SSH servers
deprecating support for the SHA-1 algorithm, so we cannot connect to them.
How much work would be involved adding this support?

—
Reply to this email directly or view it on GitHub
#167 (comment).

[MichalStaruch]

This issue blocks secure sshd configuration on every server that needs to be accessible via sshj. It's 2015 now and SHA-1 shouldn't be used for crypto, anymore - it's too easy to generate collisions on it. And RFC4419 where diffie-hellman-group-exchange-sha256 was defined is 9 years old already...

PS You might want to check the Secure Secure Shell article for some other sshd settings worth checking.

[paulschreiber]

+1

[dkocher]

👏