
Using SSH (DH Group Exchange SHA256) with RSA authentication keys.

Since the initial handshake uses asymmetric algorithms (RSA, Diffie-Hellman) to handle authentication and setup of a shared secret, what is the relationship between these sshd settings:

  • Max Group Size for Diffie-Hellman group key exchange
  • Minimum group size for Diffie-Hellman group key exchange
  • Normal Group size for Diffie-Hellman group key exchange

and

  • the size of the RSA key?

For example, is the min/max/normal used to limit the acceptable key size?

or are these completely different concepts?

EDIT
I do not believe this is the same question. Specifically speaking, this is not about RSA key exchange vs D-H key exchange and their key length relationship, as described in the linked question/answer.

Rather, this is in regard to the RSA authentication option of SSH, used in conjunction with D-H. This is the RSA used to "sign" the D-H parameters going back and forth within the protocol. (It is also an alternative to SSH passwords.)

Another way to phrase the question - are the min/max/normal groups specifically only for the DH parameters and have no relation to the RSA signing of the D-H parameters?

P.S.
  • The concept is similar to how logjam works: there are several group sizes (1024, 2048...). 1024 is entirely known; using a key that belongs in this group is how logjam (after it downgrades) breaks the instance of a DH key exchange. The group size tells how many bits each key has in that group – Purefan Mar 07 '17 at 07:39
  • @purefan: please see edit. – P.S. Mar 07 '17 at 18:24
  • As far as I know group sizes are DH specific – Purefan Mar 08 '17 at 08:08

0 Answers