libssh versions 0.1 and above have a bits/bytes confusion bug and generate an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods.The resulting secret is 128 bits long, instead of the recommended sizes of 1024and 2048 bits respectively. There are practical algorithms that can solve this problem in O operations. Fixed In Version: libssh 0.7.3