Are there any security benefits to deploying custom SSH DH groups to client-only systems?

Solution 1:

You can if you really want, but I wouldn't bother regenerating 2048-bit DH parameters for OpenSSH. There are much more important things you need to do to secure SSH, like disabling weak crypto.

What I would do is delete the existing ones which are less than 2048 bits.

awk '$5 >= 2000' /etc/ssh/moduli > /etc/ssh/moduli.strong && \
mv /etc/ssh/moduli.strong /etc/ssh/moduli

In case you hadn't noticed, OpenSSH ships with a large number of pre-generated moduli, all the way up to 8192 bits. While we're certainly concerned about 1024-bit primes today, 2048-bit ones are believed to be safe for the foreseeable future. And while that will eventually change (it could be next week), it's more likely to be long after we've become pensioners...

There is also this curious bit in the ssh-keygen man page:

It is important that this file contains moduli of a range of bit lengths and that both ends of a connection share common moduli.

Which seems to argue against replacing existing moduli, though it doesn't really provide the actual reason for doing so.
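As an added example that is not part of either answer, the script below performs the same filtering step as the awk one-liner above, but with the checks you would want before editing the live file: it keeps comment lines, drops malformed lines instead of passing them through, refuses to install an empty result, leaves a backup of the original, and prints which bit lengths survive so you can see that the file still holds a range of sizes (the ssh-keygen man-page caveat quoted above). The sample moduli lines are constructed and use placeholder modulus values, not primes; the function names, the scratch directory and the 2000-bit threshold are assumptions for the demonstration. The Size column in the shipped file reads 2047 for the 2048-bit groups, which is why the threshold in the answer is 2000 rather than 2048.

```shell
#!/bin/sh
# Added example, not code from either answer: filter an OpenSSH moduli file,
# keeping only groups whose Size field is at least MIN_BITS, with safety checks
# around the replacement. Runs against a scratch copy; nothing here touches
# /etc/ssh unless you point install_filtered at it yourself.
set -eu

# write_sample_moduli FILE: constructed sample in the real /etc/ssh/moduli layout
# (fields: Time Type Tests Tries Size Generator Modulus). Sizes follow the
# shipped file (1023 = 1024-bit group, 2047 = 2048-bit, ...). The modulus
# column holds placeholders, NOT primes; this is only for exercising the filter.
write_sample_moduli() {
  cat > "$1" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20230101000000 2 6 100 1023 2 FFFFFFFFFFFFFFFF
20230101000000 2 6 100 1535 2 FFFFFFFFFFFFFFFF
20230101000000 2 6 100 2047 2 FFFFFFFFFFFFFFFF
20230101000000 2 6 100 3071 5 FFFFFFFFFFFFFFFF
20230101000000 2 6 100 4095 2 FFFFFFFFFFFFFFFF
EOF
}

# filter_moduli IN OUT MIN_BITS: copy IN to OUT, keeping comment lines and every
# modulus whose Size (field 5) is at least MIN_BITS. Lines with fewer than the
# seven expected fields are dropped rather than passed through unexamined.
filter_moduli() {
  awk -v min="$3" '
    /^#/                             { print; next }
    NF >= 7 && ($5 + 0) >= (min + 0) { print }
  ' "$1" > "$2"
}

# count_moduli FILE: number of well-formed, non-comment modulus lines.
count_moduli() {
  awk '!/^#/ && NF >= 7 { n++ } END { print n + 0 }' "$1"
}

# sizes_in FILE: distinct Size values, ascending, space separated on one line.
sizes_in() {
  awk '!/^#/ && NF >= 7 { print $5 }' "$1" | sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# install_filtered MODULI MIN_BITS: filter MODULI in place. The original is kept
# as MODULI.bak. If nothing would survive the threshold, the file is left
# untouched and the function returns 1 instead of installing an empty moduli
# file (which would leave sshd with no groups for group-exchange key agreement).
install_filtered() {
  moduli=$1
  min=$2
  filter_moduli "$moduli" "$moduli.strong" "$min"
  if [ "$(count_moduli "$moduli.strong")" -eq 0 ]; then
    echo "refusing to install: no moduli of Size >= $min in $moduli" >&2
    rm -f "$moduli.strong"
    return 1
  fi
  cp -p "$moduli" "$moduli.bak"
  mv "$moduli.strong" "$moduli"
  echo "kept $(count_moduli "$moduli") moduli, sizes present: $(sizes_in "$moduli")"
}

# Demonstration on a scratch copy. For the real file you would run, as root:
#   install_filtered /etc/ssh/moduli 2000
tmp=$(mktemp -d)
write_sample_moduli "$tmp/moduli"
install_filtered "$tmp/moduli" 2000
rm -rf "$tmp"
```

On the constructed sample the run keeps the 2047, 3071 and 4095 lines and reports those three sizes; the 1023 and 1535 groups are gone, and the untouched original sits beside the result as moduli.bak until you are satisfied with the outcome.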

Solution 2:

The answer is: No. There are no benefits. :)

The /etc/ssh/moduli file is only used on the server side.

You don't need to worry about that file on the SSH client side:

You can trace the execution of the SSH client and check that it does not open that file.

$ strace -e openat ssh user@localhost