Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   1409 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

MODULI(5)							     MODULI(5)

NAME
       moduli - Diffie-Hellman moduli

DESCRIPTION
       The  /boot/common/settings/ssh/moduli  file  contains prime numbers and
       generators for use by sshd(8) in the Diffie-Hellman Group Exchange  key
       exchange method.

       New  moduli  may	 be  generated	with  ssh-keygen(1)  using  a two-step
       process.	 An initial candidategeneration	 pass,	using  ssh-keygen  -G,
       calculates  numbers  that  are  likely to be useful.  A second primali‐
       tytesting pass, using ssh-keygen -T, provides a high degree  of	assur‐
       ance  that the numbers are prime and are safe for use in Diffie-Hellman
       operations by sshd(8).  This moduli format is used as the  output  from
       each pass.

       The  file  consists of newline-separated records, one per modulus, con‐
       taining seven space-separated fields.  These fields are as follows:

       timestamp
	      The time that the modulus was last processed as YYYYMMDDHHMMSS.

       type   Decimal number specifying the internal structure	of  the	 prime
	      modulus.	Supported types are:

       0      Unknown, not tested.

       2      "Safe" prime; (p-1)/2 is also prime.

       4      Sophie Germain; (p+1)*2 is also prime.

	      Moduli candidates initially produced by ssh-keygen(1) are Sophie
	      Germain primes (type 4).	Further primality  testing  with  ssh-
	      keygen(1) produces safe prime moduli (type 2) that are ready for
	      use in sshd(8).  Other types are not used by OpenSSH.

       tests  Decimal number indicating the type of primality tests  that  the
	      number  has  been	 subjected  to represented as a bitmask of the
	      following values:

       0x00   Not tested.

       0x01   Composite number – not prime.

       0x02   Sieve of Eratosthenes.

       0x04   Probabilistic Miller-Rabin primality tests.

	      The ssh-keygen(1) moduli candidate generation uses the Sieve  of
	      Eratosthenes  (flag  0x02).   Subsequent ssh-keygen(1) primality
	      tests are Miller-Rabin tests (flag 0x04).

       trials Decimal number indicating the number of  primality  trials  that
	      have been performed on the modulus.

       size   Decimal number indicating the size of the prime in bits.

       generator
	      The  recommended	generator for use with this modulus (hexadeci‐
	      mal).

       modulus
	      The modulus itself in hexadecimal.

	      When performing Diffie-Hellman  Group  Exchange,	sshd(8)	 first
	      estimates	 the  size  of	the modulus required to produce enough
	      Diffie-Hellman output to sufficiently key the selected symmetric
	      cipher.	sshd(8)	 then  randomly	 selects  a  modulus  from  Fa
	      /boot/common/settings/ssh/moduli	that  best  meets   the	  size
	      requirement.

SEE ALSO
       ssh-keygen(1), sshd(8)

       Diffie-Hellman  Group  Exchange	for  the  Secure Shell (SSH) Transport
       Layer Protocol, RFC 4419, 2006.

			       October 14 2010			     MODULI(5)

Vote for polarhome