similar to: Updated moduli file in OpenSSH 3.8

Howdy, I'm working on porting the portable version of OpenSSH to the Nucleus RTOS. So far I've had a great deal of success. However, I've run into a possible memory leak, and I'm not sure whether I need to write my own cleanup function for it or not. The xxx_kex global (defined in sshd.c) seems to not get freed. I've had difficulty finding a cleanup routine for it. I've

Hi folks, This applies to src/share/man/man5/moduli.5 in the OpenBSD source tree, and doesn't seem to apply to the portable OpenSSH, so I've sent this change here instead of via Bugzilla. The wording of moduli(5) implies that sshd puts more thought about which modulus it selects than it really does. The following patch corrects this. Simon. -- Simon Burge

Hi, my question is related to the kex algorithm diffie-hellman-group-exchange-sha256 and moduli generation. I've seen that through ssh-keygen, I'm able to re-generate my moduli file used by DH but I'm note sure to understand one point in the ssh-keygen manpage : "Screened DH groups may be installed in /etc/ssh/moduli. It is important that this file contains moduli of a range of

http://bugzilla.mindrot.org/show_bug.cgi?id=1372 Summary: sshd(8) and ssh-keygen(1) refer to non-existent moduli(5) Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: bitbucket at

Also, how are default moduli shipped with OpenSSH for use in diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen randomly by developers or are they chosen for security properties? If they are random, why not use moduli from RFC 7919 instead, like Mozilla recommends? On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb at juniper.net> wrote: > > Yegor Ievlev <koops1997

Hello all, I propose the following patch to ssh-keygen.c for openssh version 4.5. It allows to redirect output of the moduli operations to stdout, to do something like e.g.: $ ssh-keygen -G - -b 2048 | ssh-keygen -T - -f - >moduli Best regards, Christian --- ssh/ssh-keygen.c.old 2007-03-01 12:43:06.000000000 +0100 +++ ssh/ssh-keygen.c 2007-03-01 12:47:32.000000000 +0100 @@ -1270,13

http://bugzilla.mindrot.org/show_bug.cgi?id=612 Summary: moduli.5 documentation doesn't match ssh code (off by 1) Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2559 Bug ID: 2559 Summary: Warnings from reading moduli file, refer to primes file Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2614 Bug ID: 2614 Summary: ssh-keygen: Moduli generation not accepting start line and count options Product: Portable OpenSSH Version: 7.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2277 Bug ID: 2277 Summary: config: add option to customize moduli file location Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2302 Bug ID: 2302 Summary: ssh (and sshd) should not fall back to deselected KEX algos Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=2302 Bug ID: 2302 Summary: ssh (and sshd) should not fall back to deselected KEX algos Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: ssh

When doing a make with the portable developer version, I came across this error: ssh/ssh_host_ecdsa_key|/opt/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/opt/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/opt/etc/ssh_host_rsa_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/opt/etc/moduli|g' -e

https://bugzilla.mindrot.org/show_bug.cgi?id=2047 Priority: P5 Bug ID: 2047 Assignee: unassigned-bugs at mindrot.org Summary: Definition of Sophie Germain primes is wrong in manual moduli.5 Severity: normal Classification: Unclassified OS: Linux Reporter: plautrba at redhat.com

[ OS: Solaris 2.8 ] Curious why 'moduli' is installed in the "--sysconfdir' directory? Isn't this machine-independent and therefore should go in the "--datadir" directory? Also, it seems to me that the datadir/sysconfdir/sharedstatedir/ localstatedir would be more useful if they were set up (or further expanded) to better support packaging of OpenSSH. For

I'm not nearly knowledgeable enough in crypto to fully understand your answer, but I will try. I wonder why moduli are not automatically generated the first time sshd is started though. That would make much more sense than shipping a default moduli file but also asking everyone to replace it with their own. On Fri, Feb 15, 2019 at 5:50 AM Mark D. Baushke <mdb at juniper.net> wrote: >

From: Christian Hesse <mail at eworm.de> Both files can be used, so mention both in error messages. Signed-off-by: Christian Hesse <mail at eworm.de> --- dh.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/dh.c b/dh.c index 4c639ac..450f5c4 100644 --- a/dh.c +++ b/dh.c @@ -153,8 +153,8 @@ choose_dh(int min, int wantbits, int max) if ((f =

On Fri, 2019-02-15 at 15:57 +1100, Darren Tucker wrote: > That was the original intent (and it's mentioned in RFC4419) however > each moduli file we ship (70-80 instances of 6 sizes) takes about 1 > cpu-month to generate on a lowish-power x86-64 machine. Most of it > is > parallelizable, but even then it'd likely take a few hours to > generate > one of each size. I

if [ ! -f /opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/moduli ]; then \ if [ -f /opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/primes ]; then \ echo "moving /opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/primes to /opt/sldx/

https://bugzilla.mindrot.org/show_bug.cgi?id=2330 Bug ID: 2330 Summary: Moduli Generation - Generator 3 not possible at all! Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: