
ssh server dh-exchange min-len

Function

The ssh server dh-exchange min-len command configures the minimum key length supported during Diffie-hellman-group-exchange key exchange between the SSH server and client.

The undo ssh server dh-exchange min-len command restores the default minimum key length supported during Diffie-hellman-group-exchange key exchange between the SSH server and client.

By default, the minimum key length supported is 1024 bytes.

Format

ssh server dh-exchange min-len min-len

undo ssh server dh-exchange min-len

Parameters

Parameter | Description | Value

min-len | Specifies the minimum Diffie-hellman-group-exchange key length supported on the SSH server. | The value can be 1024, 2048, or 3072, in bytes.

Views

System view

Default Level

3: Management level

Usage Guidelines

A Diffie-hellman-group-exchange key of 1024 bytes poses security risks. If the SSH client supports Diffie-hellman-group-exchange keys longer than 1024 bytes, run the ssh server dh-exchange min-len command to set the minimum key length to 2048 or 3072 bytes to improve security. In the factory configuration file, the minimum key length is set to 3072 bytes.

Security risks exist if the minimum Diffie-hellman-group-exchange key length is less than 2048 bytes. You are advised to set the minimum key length to 2048 or 3072 bytes.

By default, the device only supports the ssh server dh-exchange min-len command, and does not support the undo ssh server dh-exchange min-len command. To run the undo ssh server dh-exchange min-len command, install the weak security algorithm component package (product_version_WEAKEA.mod). For details, see Dynamic Loading.

Example

# Set the minimum key length supported during Diffie-hellman-group-exchange key exchange between the SSH server and client to 3072 bytes.

<sysname> system-view
[sysname] ssh server dh-exchange min-len 3072
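
To check a fleet against the guidance above, the following added example (not part of the original documentation or any vendor tool) audits saved configuration text for the effective min-len value. It assumes the configuration dump contains the command line as typed and that a missing line means the documented default of 1024 applies; the device names and sample configurations are constructed.

```python
import re

# Allowed values, default and recommended floor are taken from this page.
ALLOWED = {1024, 2048, 3072}
DEFAULT_MIN_LEN = 1024
RECOMMENDED_FLOOR = 2048

_CMD = re.compile(r"^\s*(undo\s+)?ssh server dh-exchange min-len(?:\s+(\S+))?\s*$")


def effective_min_len(config_text):
    """Return (value, source); the last matching command in the text wins."""
    value, source = DEFAULT_MIN_LEN, "default"
    for line in config_text.splitlines():
        m = _CMD.match(line)
        if not m:
            continue
        undo, arg = m.groups()
        if undo:
            # undo restores the default minimum key length
            value, source = DEFAULT_MIN_LEN, "undo"
        elif arg and arg.isdigit() and int(arg) in ALLOWED:
            value, source = int(arg), "configured"
        else:
            raise ValueError(f"unexpected min-len argument: {line.strip()!r}")
    return value, source


def audit(configs):
    """Map device name -> finding for every device below the recommended floor."""
    findings = {}
    for name, text in configs.items():
        value, source = effective_min_len(text)
        if value < RECOMMENDED_FLOOR:
            findings[name] = f"min-len {value} ({source}), below {RECOMMENDED_FLOOR}"
    return findings


# Constructed sample configurations (hypothetical device names).
SAMPLE_CONFIGS = {
    "sw-core-1": "#\nsysname sw-core-1\n#\nssh server dh-exchange min-len 3072\n#\n",
    "sw-edge-7": "#\nsysname sw-edge-7\n#\nstelnet server enable\n#\n",
    "sw-lab-2": "#\nssh server dh-exchange min-len 1024\n#\n",
}

if __name__ == "__main__":
    for device, finding in sorted(audit(SAMPLE_CONFIGS).items()):
        print(f"{device}: {finding}")
```
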
Copyright © Huawei Technologies Co., Ltd.