75 lines
3.4 KiB
Plaintext
75 lines
3.4 KiB
Plaintext
MODULI(5) File Formats Manual MODULI(5)
|
|
|
|
NAME
|
|
moduli M-bM-^@M-^S Diffie-Hellman moduli
|
|
|
|
DESCRIPTION
|
|
The /etc/moduli file contains prime numbers and generators for use by
|
|
sshd(8) in the Diffie-Hellman Group Exchange key exchange method.
|
|
|
|
New moduli may be generated with ssh-keygen(1) using a two-step process.
|
|
An initial candidate generation pass, using ssh-keygen -M generate,
|
|
calculates numbers that are likely to be useful. A second primality
|
|
testing pass, using ssh-keygen -M screen, provides a high degree of
|
|
assurance that the numbers are prime and are safe for use in Diffie-
|
|
Hellman operations by sshd(8). This moduli format is used as the output
|
|
from each pass.
|
|
|
|
The file consists of newline-separated records, one per modulus,
|
|
containing seven space-separated fields. These fields are as follows:
|
|
|
|
timestamp The time that the modulus was last processed as
|
|
YYYYMMDDHHMMSS.
|
|
|
|
type Decimal number specifying the internal structure of
|
|
the prime modulus. Supported types are:
|
|
|
|
0 Unknown, not tested.
|
|
2 "Safe" prime; (p-1)/2 is also prime.
|
|
4 Sophie Germain; 2p+1 is also prime.
|
|
|
|
Moduli candidates initially produced by ssh-keygen(1)
|
|
are Sophie Germain primes (type 4). Further primality
|
|
testing with ssh-keygen(1) produces safe prime moduli
|
|
(type 2) that are ready for use in sshd(8). Other
|
|
types are not used by OpenSSH.
|
|
|
|
tests Decimal number indicating the type of primality tests
|
|
that the number has been subjected to represented as a
|
|
bitmask of the following values:
|
|
|
|
0x00 Not tested.
|
|
0x01 Composite number M-bM-^@M-^S not prime.
|
|
0x02 Sieve of Eratosthenes.
|
|
0x04 Probabilistic Miller-Rabin primality tests.
|
|
|
|
The ssh-keygen(1) moduli candidate generation uses the
|
|
Sieve of Eratosthenes (flag 0x02). Subsequent
|
|
ssh-keygen(1) primality tests are Miller-Rabin tests
|
|
(flag 0x04).
|
|
|
|
trials Decimal number indicating the number of primality
|
|
trials that have been performed on the modulus.
|
|
|
|
size Decimal number indicating the size of the prime in
|
|
bits.
|
|
|
|
generator The recommended generator for use with this modulus
|
|
(hexadecimal).
|
|
|
|
modulus The modulus itself in hexadecimal.
|
|
|
|
When performing Diffie-Hellman Group Exchange, sshd(8) first estimates
|
|
the size of the modulus required to produce enough Diffie-Hellman output
|
|
to sufficiently key the selected symmetric cipher. sshd(8) then randomly
|
|
selects a modulus from /etc/moduli that best meets the size requirement.
|
|
|
|
SEE ALSO
|
|
ssh-keygen(1), sshd(8)
|
|
|
|
STANDARDS
|
|
M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
|
|
the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.
|
|
|
|
OpenBSD 7.5 April 16, 2022 OpenBSD 7.5
|