Ubuntu 20.04 ssh-keygen unknown option -G unable to generate Diffie-Hellman parameters
Solution 1:
The reason invoked was to free up several option letters for the ssh-keygen command. This was consolidated in additional -O options and a modified use of the -M option, which breaks compatibility with former versions. This was done on 30 Dec 2019 in this commit:
upstream: remove single-letter flags for moduli options
Move all moduli generation options to live under the -O flag.
Frees up seven single-letter flags.
NB. this change break existing ssh-keygen commandline syntax for moduli-related operations. Very few people use these fortunately.
feedback and ok markus@
OpenBSD-Commit-ID: d498f3eaf28128484826a4fcb343612764927935
The newer syntax is described in the newer (focal) ssh-keygen man page under MODULI GENERATION:
Generation of primes is performed using the -M generate option. The desired length of the primes may be specified by the -O bits option. For example:
# ssh-keygen -M generate -O bits=2048 moduli-2048.candidates
[...]
# ssh-keygen -M screen -f moduli-2048.candidates moduli-2048
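For scripts that must regenerate moduli on hosts with mixed OpenSSH versions, the sketch below is an added example (not part of the original answer or of OpenSSH) that picks the matching syntax from the `ssh -V` banner. It assumes the -M/-O syntax first shipped in OpenSSH 8.2; the function names `moduli_syntax` and `moduli_commands` are hypothetical, and the commands are only printed, not run.

```shell
#!/bin/sh
# Added example: choose the moduli command syntax that matches an OpenSSH version.
# Assumption: the -M/-O syntax first appeared in OpenSSH 8.2; older releases use -G/-T.

# Print "new", "old" or "unknown" for a version banner as printed by `ssh -V`.
moduli_syntax() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || { echo unknown; return 1; }
    set -- $ver   # $1 = major, $2 = minor
    if [ "$1" -gt 8 ] || { [ "$1" -eq 8 ] && [ "$2" -ge 2 ]; }; then
        echo new
    else
        echo old
    fi
}

# Print the two commands (generate candidates, then screen them).
# Arguments: version banner, prime length in bits, output file name.
moduli_commands() {
    banner=$1 bits=$2 out=$3
    case $(moduli_syntax "$banner") in
        new)
            echo "ssh-keygen -M generate -O bits=$bits $out.candidates"
            echo "ssh-keygen -M screen -f $out.candidates $out"
            ;;
        old)
            echo "ssh-keygen -G $out.candidates -b $bits"
            echo "ssh-keygen -T $out -f $out.candidates"
            ;;
        *)
            echo "cannot parse OpenSSH version: $banner" >&2
            return 1
            ;;
    esac
}

# Stand-alone use: show the commands for the locally installed OpenSSH.
if command -v ssh >/dev/null 2>&1; then
    moduli_commands "$(ssh -V 2>&1)" 2048 moduli-2048 || true
fi
```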
Solution 2:
This isn't an Ubuntu issue, it is actually a part of OpenSSH. The Diffie-Hellman algorithm is notably weak and so they have made it legacy in more recent versions in favor of stronger algorithms.
If you need to communicate with a system that requires Diffie-Hellman you can do:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
Or you can substitute any legacy algorithm in place of diffie-hellman.