Page 1 of 1

[Implemented] Improve SSH Diffie-Hellman KEX Options

Posted: Fri Jul 02, 2021 6:44 pm
by bwebb
Currently it seems Unimus only supports Diffie-Hellman key exchange with 2048-bits maximum. While this is currently an acceptable minimum, many platforms like FortiOS are no longer supporting 2048-bit key exchange by default for their 'hardened' administrative configurations:

https://docs.fortinet.com/document/fort ... encryption

While all of the other key exchange mechanisms work with the hardened configuration, 4096-bit and 8192-bit encryption is not supported by Unimus currently.

Re: Improve SSH Diffie-Hellman KEX Options

Posted: Thu Mar 24, 2022 8:56 pm
by Vik@Unimus
We have a new Unimus version 2.2.3-Beta1 live now, which contains a new SSH library which comes with improvements to compatibility with newer and stricter algorithms and some other encountered limitations like when a device used some non-standard key sizes for key exchange algorithms. You can find more information in our Beta branch thread

viewtopic.php?f=4&t=1454

and download a new version below

https://unimus.net/download-dev

If you get a chance, give it a try and let us know if it worked as expected, or if you encounter any other issue.