Description of problem:
The new algorithm used in openssh for calculating size of DH parameters provides limited compatibility for embedded SSH servers.
In case the remote server supports only SHA-1 and SHA-2 MACs, openssh will always suggest usage of 7680 bit or 8192 bit DH group.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. ssh -vv -o "MACs hmac-sha1" localhost
Depending on cipher selected:
aes-128, arcfour, blowfish: 3072
NIST SP 800-57.
See bug 1053107 for details.
Previous versions of openssh had a hard limit on DH group size at 4096 bit.
I raised the issue with upstream and they don't consider this to be an issue or willing to fix.
This probably should be closed as won't fix.