file contains prime numbers and
generators for use by sshd(8)
the Diffie-Hellman Group Exchange key exchange method.
New moduli may be generated with
two-step process. An initial candidate generation
pass, using ssh-keygen -G
, calculates numbers
that are likely to be useful. A second primality
pass, using ssh-keygen -T
, provides a
high degree of assurance that the numbers are prime and are safe for use in
Diffie-Hellman operations by
format is used as the output from each
The file consists of newline-separated records, one per modulus, containing
seven space-separated fields. These fields are as follows:
- The time that the modulus was last processed as
- Decimal number specifying the internal structure of the
prime modulus. Supported types are:
Moduli candidates initially produced by
ssh-keygen(1) are Sophie
Germain primes (type 4). Further primality testing with
safe prime moduli (type 2) that are ready for use in
sshd(8). Other types are not
used by OpenSSH.
- Unknown, not tested.
- "Safe" prime; (p-1)/2 is also prime.
- Sophie Germain; 2p+1 is also prime.
- Decimal number indicating the type of primality tests that
the number has been subjected to represented as a bitmask of the following
The ssh-keygen(1) moduli
candidate generation uses the Sieve of Eratosthenes (flag 0x02).
primality tests are Miller-Rabin tests (flag 0x04).
- Not tested.
- Composite number – not prime.
- Sieve of Eratosthenes.
- Probabilistic Miller-Rabin primality tests.
- Decimal number indicating the number of primality trials
that have been performed on the modulus.
- Decimal number indicating the size of the prime in
- The recommended generator for use with this modulus
- The modulus itself in hexadecimal.
When performing Diffie-Hellman Group Exchange,
first estimates the size
of the modulus required to produce enough Diffie-Hellman output to
sufficiently key the selected symmetric cipher.
then randomly selects a
modulus from /etc/moduli
that best meets the
N. Provos, and W. Simpson,
Diffie-Hellman Group Exchange for the Secure Shell (SSH)
Transport Layer Protocol, RFC 4419,