moduli(5) changes

Simon Burge simonb at wasabisystems.com
Mon Feb 7 23:39:50 EST 2005


Hi folks,

This applies to src/share/man/man5/moduli.5 in the OpenBSD source
tree, and doesn't seem to apply to the portable OpenSSH, so I've
sent this change here instead of via Bugzilla.

The wording of moduli(5) implies that sshd puts more thought into which
modulus it selects than it really does.  The following patch corrects
this.

Simon.
--
Simon Burge                                   <simonb at wasabisystems.com>
NetBSD Development, Support and Service:   http://www.wasabisystems.com/

Index: moduli.5
===================================================================
RCS file: /cvsroot/src/crypto/dist/ssh/moduli.5,v
retrieving revision 1.8
retrieving revision 1.9
diff -d -p -u -r1.8 -r1.9
--- moduli.5	4 Jul 2003 21:56:48 -0000	1.8
+++ moduli.5	7 Feb 2005 12:26:56 -0000	1.9
@@ -31,7 +31,7 @@
 .\"
 .\" Manual page, using -mandoc macros
 .\"
-.Dd July 28, 1997
+.Dd February 7, 2005
 .Dt MODULI 5
 .Os
 .Sh NAME
@@ -140,11 +140,16 @@ Specifies the best generator for a Diffi
 .Fa Modulus : hex string .
 The prime modulus.
 .Pp
-The file is searched for moduli that meet the appropriate
+The file should be searched for moduli that meet the appropriate
 Time, Size and Generator criteria.
 When more than one meet the criteria,
 the selection should be weighted toward newer moduli,
 without completely disqualifying older moduli.
+.Pp
+Note that
+.Xr sshd 8
+uses only the Size criteria and then selects a modulus at random
+if more than one meet the Size criteria.
 .Sh FILES
 .Bl -tag -width /etc/moduli -compact
 .It Pa /etc/moduli
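
Review bot: The new ".Pp Note that sshd(8) uses only the Size criteria" paragraph leaves the sentences above it about the Time and Generator criteria and the weighting toward newer moduli unqualified, so the reader still has to infer that sshd applies none of them. Consider stating that directly in the note: that sshd does not consider Time or Generator, and that its random selection applies no weighting toward newer moduli. In the same added lines, "the Size criteria" names a single test, so "the Size criterion" and "if more than one meets it" would read more correctly. The reworded "The file should be searched" also no longer says who the recommendation is addressed to; naming the intended audience (implementations that read the file) would make the contrast with sshd clearer.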




More information about the openssh-unix-dev mailing list