Commit 05e0cdd9 authored by Colin Watson's avatar Colin Watson

Remove our local version of moduli(5) now that there's one upstream.

parent 137d76ba
......@@ -140,6 +140,7 @@ openssh (1:5.1p1-1) UNRELEASED; urgency=low
when public key authentication subsequently fails (LP: #161047).
+ Fixed an UMAC alignment problem that manifested on Itanium
platforms.
* Remove our local version of moduli(5) now that there's one upstream.
-- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Jul 2008 17:34:06 +0100
......
.\" $OpenBSD: moduli.5,v 1.11 2007/05/31 19:19:58 jmc Exp $
.\"
.\" Copyright 1997, 2000 William Allen Simpson <wsimpson@greendragon.com>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software designed by William Allen Simpson.
.\" 4. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd December 24 2007
.Dt MODULI 5
.Os
.Sh NAME
.Nm moduli
.Nd system moduli file
.Sh DESCRIPTION
The
.Pa /etc/ssh/moduli
file contains the system-wide Diffie-Hellman prime moduli for
.Xr sshd 8 .
.Pp
Each line in this file contains the following fields:
Time, Type, Tests, Tries, Size, Generator, Modulus.
The fields are separated by white space (tab or blank).
.Pp
.Fa Time : yyyymmddhhmmss .
Specifies the system time that the line was appended to the file.
The value 00000000000000 means unknown (historic).
.\"The file is sorted in ascending order.
.Pp
.Fa Type : decimal .
Specifies the internal structure of the prime modulus.
.Pp
.Bl -tag -width indent -offset indent -compact
.It 0 :
unknown;
often learned from peer during protocol operation,
and saved for later analysis.
.It 1 :
unstructured;
a common large number.
.It 2 :
safe (p = 2q + 1);
meets basic structural requirements.
.It 3 :
Schnorr.
.It 4 :
Sophie-Germain (q = (p-1)/2);
usually generated in the process of testing safe or strong primes.
.It 5 :
strong;
useful for RSA public key generation.
.El
.Pp
.Fa Tests : decimal (bit field) .
Specifies the methods used in checking for primality.
Usually, more than one test is used.
.Pp
.Bl -tag -width indent -offset indent -compact
.It 0 :
not tested;
often learned from peer during protocol operation,
and saved for later analysis.
.It 1 :
composite;
failed one or more tests.
In this case, the highest bit specifies the test that failed.
.It 2 :
sieve;
checked for division by a range of smaller primes.
.It 4 :
Miller-Rabin.
.It 8 :
Jacobi.
.It 16 :
Elliptic Curve.
.El
.Pp
.Fa Tries : decimal .
Depends on the value of the highest valid Test bit,
where the method specified is:
.Pp
.Bl -tag -width indent -offset indent -compact
.It 0 :
not tested
(always zero).
.It 1 :
composite
(irrelevant).
.It 2 :
sieve;
number of primes sieved.
Commonly on the order of 32,000,000.
.It 4 :
Miller-Rabin;
number of M-R iterations.
Commonly on the order of 32 to 64.
.It 8 :
Jacobi;
unknown
(always zero).
.It 16 :
Elliptic Curve;
unused
(always zero).
.El
.Pp
.Fa Size : decimal .
Specifies the number of the most significant bit (0 to M).
.Pp
.Fa Generator : hex string .
Specifies the best generator for a Diffie-Hellman exchange.
0 = unknown or variable,
2, 3, 5, etc.
.Pp
.Fa Modulus : hex string .
The prime modulus.
.Pp
The file is searched for moduli that meet the appropriate
Time, Size and Generator criteria.
When more than one meet the criteria,
the selection should be weighted toward newer moduli,
without completely disqualifying older moduli.
.Pp
New moduli may be generated using the
.Xr ssh-keygen 1
tool.
.Sh FILES
.Bl -tag -width /etc/ssh/moduli -compact
.It Pa /etc/ssh/moduli
.El
.Sh SEE ALSO
.Xr ssh-keygen 1 ,
.Xr sshd 8
......@@ -177,7 +177,6 @@ install: build
install -m 755 contrib/ssh-copy-id debian/openssh-client/usr/bin/ssh-copy-id
install -m 644 -c contrib/ssh-copy-id.1 debian/openssh-client/usr/share/man/man1/ssh-copy-id.1
install -m 644 debian/moduli.5 debian/openssh-client/usr/share/man/man5/moduli.5
install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
install -m 644 debian/gnome-ssh-askpass.1 debian/ssh-askpass-gnome/usr/share/man/man1/gnome-ssh-askpass.1
......@@ -336,11 +335,6 @@ debian/faq.html:
sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
> debian/faq.html
debian/moduli.5:
wget -q -O - 'http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/share/man/man5/moduli.5?content-type=text/plain' | \
sed 's,/etc/moduli,/etc/ssh/moduli,g; s/\$$Mdocdate\$$/$(shell date +'%B %-d %Y')/' \
> debian/moduli.5
.PHONY: build clean binary-indep binary-arch binary install
.PHONY: build-deb build-udeb
.PHONY: binary-openssh-client binary-openssh-server binary-ssh
......
......@@ -21,7 +21,7 @@
.Nd Diffie Hellman moduli
.Sh DESCRIPTION
The
.Pa /etc/moduli
.Pa /etc/ssh/moduli
file contains prime numbers and generators for use by
.Xr sshd 8
in the Diffie-Hellman Group Exchange key exchange method.
......@@ -111,7 +111,7 @@ first estimates the size of the modulus required to produce enough
Diffie Hellman output to sufficiently key the selected symmetric cipher.
.Xr sshd 8
then randomly selects a modulus from
.Fa /etc/moduli
.Fa /etc/ssh/moduli
that best meets the size requirement.
.Pp
.Sh SEE ALSO
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment