Created attachment 3066 [details] Patch to remove the fallback mechanism. (This issue was discussed in-depth on the openssh-unix-dev mailing list here: https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-September/036217.html) The Diffie-Hellman group exchange code has a fallback mechanism in case a sufficient entry in /etc/ssh/moduli is not found. Unfortunately, this mechanism directly disobeys what a sysadmin wants. For example, if the sysadmin deletes all DH groups with moduli smaller than 3072-bit, code will nevertheless return 2048-bit group14 (see dh.c:441). The correct behavior would be to disconnect with the client. In fact, ALL cases where a sufficient group cannot be found in /etc/ssh/moduli should result in a disconnect, as the admin has indicated that *only* those listed in that file should be used. Hence, the attached patch fully removes this fallback mechanism in order to respect the admin's wishes.
Comment on attachment 3066 [details] Patch to remove the fallback mechanism. I'm not sure I agree with removing the fallback and I don't think making people edit the moduli file is a great way to control which groups are negotiated. IMO a general MinimumDHSize option would probably be a better way to achieve this.