Annoying 'no matching DH grp found'...

Aug 15, 2012 at 2:37 PM


I would like to help you fix problem of mismatching Diffie-Hellman groups.

It is really annoying not to have a correct error handling\failover for this.

I've got an access to quite large Unix based OS repository and as far as i found, this issue is certainly related to different versions of OpenSSL\OpenSSH.

How can I debug the problem to make it more clear for you?



Dec 28, 2012 at 1:13 AM

Hi Martin,


Sorry for getting back to you on this so late. I was busy with other project and had no time :(

If you still can help to debug this problem, first I think we should establish what DH groups are missing from the client that you using.

Second step would be to determine what prime number is used by each DH group and add it to the code and test to see if it works.

If you could provide me with DH group numbers and its prime numbers I could easly add it to the code and check it so you could test.

If you like you can use source code version and add those groups yourself and then if it wors you can submitt it as a patch so I could apply it to the main code.