Can we disable diffie-hellman-group-exchange-sha1 by default?
Darren Tucker
dtucker at dtucker.net
Fri Feb 15 17:28:58 AEDT 2019
On Fri, 15 Feb 2019 at 16:51, David Lang <david at lang.hm> wrote:
> is there a document somewhere that gives simple instructions on how to do this
> (as opposed to digging them out of a large RFC that covers lots of other stuff)
The scripts and Makefile used to generate the groups are here:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/moduli-gen/
The Makefile calls the script to generate each group size then cats
them together with some headers. It's purely serial, if you want to
parallelize it look at ssh-keygen's -j and -J options to start at a
given line and process a specified number of lines to run multiple
workers on the same input file.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list