From 9b8411f381b4c08ae76b9e9032fa191efecf636e Mon Sep 17 00:00:00 2001 From: dtucker Date: Wed, 12 May 2021 11:34:30 +0000 Subject: [PATCH] Clarify language about moduli. While both ends of the connection do need to use the same parameters (ie groups), the DH-GEX protocol takes care of that and both ends do not need the same contents in the moduli file, which is what the previous text suggested. ok djm@ jmc@ --- usr.bin/ssh/ssh-keygen.1 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1 index 43c8aa2f583..4e737274533 100644 --- a/usr.bin/ssh/ssh-keygen.1 +++ b/usr.bin/ssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.212 2020/11/27 10:12:30 dtucker Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.213 2021/05/12 11:34:30 dtucker Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 27 2020 $ +.Dd $Mdocdate: May 12 2021 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -816,8 +816,7 @@ Valid generator values are 2, 3, and 5. .Pp Screened DH groups may be installed in .Pa /etc/moduli . -It is important that this file contains moduli of a range of bit lengths and -that both ends of a connection share common moduli. +It is important that this file contains moduli of a range of bit lengths. .Pp A number of options are available for moduli generation and screening via the .Fl O -- 2.20.1