1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
<table class="head">
<tr>
<td class="head-ltitle">MODULI(5)</td>
<td class="head-vol">File Formats Manual</td>
<td class="head-rtitle">MODULI(5)</td>
</tr>
</table>
<div class="manual-text">
<section class="Sh">
<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
<p class="Pp"><code class="Nm">moduli</code> —
<span class="Nd">Diffie-Hellman moduli</span></p>
</section>
<section class="Sh">
<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<p class="Pp">The <span class="Pa">/etc/ssh/moduli</span> file contains prime
numbers and generators for use by <a class="Xr">sshd(8)</a> in the
Diffie-Hellman Group Exchange key exchange method.</p>
<p class="Pp" id="candidate">New moduli may be generated with
<a class="Xr">ssh-keygen(1)</a> using a two-step process. An initial
<a class="permalink" href="#candidate"><i class="Em">candidate
generation</i></a> pass, using <code class="Ic">ssh-keygen -G</code>,
calculates numbers that are likely to be useful. A second
<a class="permalink" href="#primality"><i class="Em" id="primality">primality
testing</i></a> pass, using <code class="Ic">ssh-keygen -T</code>, provides
a high degree of assurance that the numbers are prime and are safe for use
in Diffie-Hellman operations by <a class="Xr">sshd(8)</a>. This
<code class="Nm">moduli</code> format is used as the output from each
pass.</p>
<p class="Pp">The file consists of newline-separated records, one per modulus,
containing seven space-separated fields. These fields are as follows:</p>
<div class="Bd-indent">
<dl class="Bl-tag">
<dt>timestamp</dt>
<dd>The time that the modulus was last processed as YYYYMMDDHHMMSS.</dd>
<dt>type</dt>
<dd>Decimal number specifying the internal structure of the prime modulus.
Supported types are:
<p class="Pp"></p>
<dl class="Bl-tag Bl-compact">
<dt>0</dt>
<dd>Unknown, not tested.</dd>
<dt>2</dt>
<dd>"Safe" prime; (p-1)/2 is also prime.</dd>
<dt>4</dt>
<dd>Sophie Germain; 2p+1 is also prime.</dd>
</dl>
<p class="Pp">Moduli candidates initially produced by
<a class="Xr">ssh-keygen(1)</a> are Sophie Germain primes (type 4).
Further primality testing with <a class="Xr">ssh-keygen(1)</a> produces
safe prime moduli (type 2) that are ready for use in
<a class="Xr">sshd(8)</a>. Other types are not used by OpenSSH.</p>
</dd>
<dt>tests</dt>
<dd>Decimal number indicating the type of primality tests that the number has
been subjected to represented as a bitmask of the following values:
<p class="Pp"></p>
<dl class="Bl-tag Bl-compact">
<dt>0x00</dt>
<dd>Not tested.</dd>
<dt>0x01</dt>
<dd>Composite number – not prime.</dd>
<dt>0x02</dt>
<dd>Sieve of Eratosthenes.</dd>
<dt>0x04</dt>
<dd>Probabilistic Miller-Rabin primality tests.</dd>
</dl>
<p class="Pp">The <a class="Xr">ssh-keygen(1)</a> moduli candidate
generation uses the Sieve of Eratosthenes (flag 0x02). Subsequent
<a class="Xr">ssh-keygen(1)</a> primality tests are Miller-Rabin tests
(flag 0x04).</p>
</dd>
<dt>trials</dt>
<dd>Decimal number indicating the number of primality trials that have been
performed on the modulus.</dd>
<dt>size</dt>
<dd>Decimal number indicating the size of the prime in bits.</dd>
<dt>generator</dt>
<dd>The recommended generator for use with this modulus (hexadecimal).</dd>
<dt>modulus</dt>
<dd>The modulus itself in hexadecimal.</dd>
</dl>
</div>
<p class="Pp">When performing Diffie-Hellman Group Exchange,
<a class="Xr">sshd(8)</a> first estimates the size of the modulus required
to produce enough Diffie-Hellman output to sufficiently key the selected
symmetric cipher. <a class="Xr">sshd(8)</a> then randomly selects a modulus
from <var class="Fa">/etc/ssh/moduli</var> that best meets the size
requirement.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
ALSO</a></h1>
<p class="Pp"><a class="Xr">ssh-keygen(1)</a>, <a class="Xr">sshd(8)</a></p>
<p class="Pp"><cite class="Rs"><span class="RsT">Diffie-Hellman Group Exchange
for the Secure Shell (SSH) Transport Layer Protocol</span>,
<span class="RsR">RFC 4419</span>, <span class="RsD">2006</span>.</cite></p>
</section>
</div>
<table class="foot">
<tr>
<td class="foot-date">July 19, 2012</td>
<td class="foot-os">FreeBSD 15.0</td>
</tr>
</table>
|
