similar to: moduli(5) changes

Hi, my question is related to the kex algorithm diffie-hellman-group-exchange-sha256 and moduli generation. I've seen that through ssh-keygen, I'm able to re-generate my moduli file used by DH but I'm note sure to understand one point in the ssh-keygen manpage : "Screened DH groups may be installed in /etc/ssh/moduli. It is important that this file contains moduli of a range of

http://bugzilla.mindrot.org/show_bug.cgi?id=1372 Summary: sshd(8) and ssh-keygen(1) refer to non-existent moduli(5) Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: bitbucket at

Hi, Can anybody briefly explain the significance of the updated moduli file? Is this a critical update? Should all existing installations update their moduli file? Thanks in advance, -- Dan

Hello all, I propose the following patch to ssh-keygen.c for openssh version 4.5. It allows to redirect output of the moduli operations to stdout, to do something like e.g.: $ ssh-keygen -G - -b 2048 | ssh-keygen -T - -f - >moduli Best regards, Christian --- ssh/ssh-keygen.c.old 2007-03-01 12:43:06.000000000 +0100 +++ ssh/ssh-keygen.c 2007-03-01 12:47:32.000000000 +0100 @@ -1270,13

http://bugzilla.mindrot.org/show_bug.cgi?id=612 Summary: moduli.5 documentation doesn't match ssh code (off by 1) Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2559 Bug ID: 2559 Summary: Warnings from reading moduli file, refer to primes file Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2614 Bug ID: 2614 Summary: ssh-keygen: Moduli generation not accepting start line and count options Product: Portable OpenSSH Version: 7.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2277 Bug ID: 2277 Summary: config: add option to customize moduli file location Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:

On Thu, 13 Apr 2006 18:07:42 +0200 Oscar Fuentes <oscarfv at telefonica.net> wrote: > > Simon Burton <simon at arrowtheory.com> writes: > > > I'm trying to take assembly and create machine code I can execute. > > How close am I ? > > Your test case is not complete. Besides, which version of llvm are you > using? What are the commands for compiling

When doing a make with the portable developer version, I came across this error: ssh/ssh_host_ecdsa_key|/opt/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/opt/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/opt/etc/ssh_host_rsa_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/opt/etc/moduli|g' -e

https://bugzilla.mindrot.org/show_bug.cgi?id=2047 Priority: P5 Bug ID: 2047 Assignee: unassigned-bugs at mindrot.org Summary: Definition of Sophie Germain primes is wrong in manual moduli.5 Severity: normal Classification: Unclassified OS: Linux Reporter: plautrba at redhat.com

[ OS: Solaris 2.8 ] Curious why 'moduli' is installed in the "--sysconfdir' directory? Isn't this machine-independent and therefore should go in the "--datadir" directory? Also, it seems to me that the datadir/sysconfdir/sharedstatedir/ localstatedir would be more useful if they were set up (or further expanded) to better support packaging of OpenSSH. For

From: Christian Hesse <mail at eworm.de> Both files can be used, so mention both in error messages. Signed-off-by: Christian Hesse <mail at eworm.de> --- dh.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/dh.c b/dh.c index 4c639ac..450f5c4 100644 --- a/dh.c +++ b/dh.c @@ -153,8 +153,8 @@ choose_dh(int min, int wantbits, int max) if ((f =

I'm not nearly knowledgeable enough in crypto to fully understand your answer, but I will try. I wonder why moduli are not automatically generated the first time sshd is started though. That would make much more sense than shipping a default moduli file but also asking everyone to replace it with their own. On Fri, Feb 15, 2019 at 5:50 AM Mark D. Baushke <mdb at juniper.net> wrote: >

On Fri, 2019-02-15 at 15:57 +1100, Darren Tucker wrote: > That was the original intent (and it's mentioned in RFC4419) however > each moduli file we ship (70-80 instances of 6 sizes) takes about 1 > cpu-month to generate on a lowish-power x86-64 machine. Most of it > is > parallelizable, but even then it'd likely take a few hours to > generate > one of each size. I

if [ ! -f /opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/moduli ]; then \ if [ -f /opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/primes ]; then \ echo "moving /opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/primes to /opt/sldx/

https://bugzilla.mindrot.org/show_bug.cgi?id=2330 Bug ID: 2330 Summary: Moduli Generation - Generator 3 not possible at all! Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee:

I don't think there is any point to generate so many moduli. Actually, 3 moduli of sizes 2048, 3072 and 4096 seem like a sane choice. On Fri, Feb 15, 2019 at 7:58 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 14:22, Yegor Ievlev <koops1997 at gmail.com> wrote: > > I'm not nearly knowledgeable enough in crypto to fully understand your

Hi, I'm interested in requiring a minimum of 3072-bit DH moduli when using the "diffie-hellman-group-exchange-sha256" kex, so I edited my /etc/ssh/moduli file such that only 3071+ moduli are left. However, when clients ask for a max of 2048-bit moduli, they actually get one (!). I poked around and found that a fallback mechanism exists (dh.c:185), which returns back the

http://bugzilla.mindrot.org/show_bug.cgi?id=670 Summary: SunOS 4.1.2 libs do not contain strtoul, used in moduli.c Product: Portable OpenSSH Version: 3.7p1 Platform: Sparc OS/Version: SunOS Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: