From: dtucker@openbsd.org Date: Wed, 12 May 2021 11:34:30 +0000 (+0000) Subject: upstream: Clarify language about moduli. While both ends of the X-Git-Tag: V_8_7_P1~200 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1320c492f655d8f5baef8c93899d79dded217a5;p=thirdparty%2Fopenssh-portable.git upstream: Clarify language about moduli. While both ends of the connection do need to use the same parameters (ie groups), the DH-GEX protocol takes care of that and both ends do not need the same contents in the moduli file, which is what the previous text suggested. ok djm@ jmc@ OpenBSD-Commit-ID: f0c18cc8e79c2fbf537a432a9070ed94e96a622a --- diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 43c8aa2f5..4e7372745 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.212 2020/11/27 10:12:30 dtucker Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.213 2021/05/12 11:34:30 dtucker Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 27 2020 $ +.Dd $Mdocdate: May 12 2021 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -816,8 +816,7 @@ Valid generator values are 2, 3, and 5. .Pp Screened DH groups may be installed in .Pa /etc/moduli . -It is important that this file contains moduli of a range of bit lengths and -that both ends of a connection share common moduli. +It is important that this file contains moduli of a range of bit lengths. .Pp A number of options are available for moduli generation and screening via the .Fl O