Use of /etc/primes & DH group exchange

Nigel Metheringham Nigel.Metheringham at VData.co.uk
Fri Nov 24 20:52:12 EST 2000


Marcus,

I am still a little confused as to the purpose of the file of "safe" primes 
stashed in /etc/primes (or /etc/ssh/primes) and what should be used to generate this.

The IETF document you referenced on the list -
  http://www.ietf.org/internet-drafts/draft-provos-secsh-dh-group-exchange-00.txt
indicates that a system should be generating primes for future use in the background, however this file of primes appears to be externally generated (I see no code that writes the file in 2.3.0p1), and certainly in the case of the latest RH RPMs (see current BugTraq posting & RHSA-2000:111-03) is fixed for all their installs.

Is having everyone singing from the same prime songsheet what's intended, or should these primes be unique per box?  [or do I not understand any of this :-) ]

	Nigel.

-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham at VData.co.uk ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]






More information about the openssh-unix-dev mailing list