{"id":26,"date":"2016-10-21T09:47:17","date_gmt":"2016-10-21T09:47:17","guid":{"rendered":"http:\/\/www.christophervickery.com\/Notes\/?p=26"},"modified":"2016-10-21T09:48:34","modified_gmt":"2016-10-21T09:48:34","slug":"dh_gex_group_out_of_range","status":"publish","type":"post","link":"https:\/\/www.christophervickery.com\/Notes\/index.php\/2016\/10\/21\/dh_gex_group_out_of_range\/","title":{"rendered":"lftp says \u201cDH GEX group out of range\u201d"},"content":{"rendered":"<p>I use <a href=\"https:\/\/lftp.yar.ru\/\">lftp<\/a>\u00a0in a launchctl script to transfer and delete files from an Axway\/Tumbleweed secure server, but after upgrading to macos Sierra, the connection failed (and looped forever retrying) with a brief flash of a \u201cDH GEX group out of range\u201d message.<\/p>\n<p>Searching for the message reveals that it\u2019s an\u00a0<em>ssh<\/em> issue (DH is diffie-hellman): Apple apparently changed ssh to use a shorter keys by default in order to encourage use of TLS. At least I think that\u2019s what happened. Could be that the secure server changed its key negotiation requirements the same day I upgraded to Sierra. The explanation of the error message (and solution to the problem) showed up in a Linux server forum.<\/p>\n<p>First I mistakenly tried to rebuild lftp, which I could not do because <em>.\/configure<\/em> died saying it couldn\u2019t find the <em>readline<\/em> headers even though they were there (<em>brew link &#8211;force readline<\/em>). The second dead end was to try to change the f<em>ish:connect-program<\/em> setting for lftp, but that had no effect. Finally, I scrolled through the lftp man page far enough to realize that the proper configuration setting is <em>sftp:connect-program<\/em>.<\/p>\n<p>So I created <em>~\/.lftprc<\/em> and put this line in it:<\/p>\n<p><code>set sftp:connect-program \"ssh -a -x -o KexAlgorithms=diffie-hellman-group14-sha1\"<\/code><\/p>\n<p>###<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I use lftp\u00a0in a launchctl script to transfer and delete files from an Axway\/Tumbleweed secure server, but after upgrading to macos Sierra, the connection failed (and looped forever retrying) with a brief flash of a \u201cDH GEX group out of range\u201d message. Searching for the message reveals that it\u2019s an\u00a0ssh issue (DH is diffie-hellman): Apple [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","_share_on_mastodon":"0"},"categories":[6,5,2],"tags":[],"class_list":["post-26","post","type-post","status-publish","format-standard","hentry","category-lftp","category-macos","category-site-admin"],"share_on_mastodon":{"url":"","error":""},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/posts\/26","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/comments?post=26"}],"version-history":[{"count":2,"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/posts\/26\/revisions"}],"predecessor-version":[{"id":28,"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/posts\/26\/revisions\/28"}],"wp:attachment":[{"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/media?parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/categories?post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.christophervickery.com\/Notes\/index.php\/wp-json\/wp\/v2\/tags?post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}