moduli —
DiffieHellman moduli
The
/etc/moduli file contains prime numbers and
generators for use by
sshd(8) in
the DiffieHellman Group Exchange key exchange method.
New moduli may be generated with
sshkeygen(1) using a
twostep process. An initial
candidate generation
pass, using
sshkeygen G, calculates numbers
that are likely to be useful. A second
primality
testing pass, using
sshkeygen T, provides a
high degree of assurance that the numbers are prime and are safe for use in
DiffieHellman operations by
sshd(8). This
moduli format is used as the output from each
pass.
The file consists of newlineseparated records, one per modulus, containing
seven spaceseparated fields. These fields are as follows:


 timestamp
 The time that the modulus was last processed as
YYYYMMDDHHMMSS.


 type
 Decimal number specifying the internal structure of the
prime modulus. Supported types are:
 0
 Unknown, not tested.
 2
 "Safe" prime; (p1)/2 is also prime.
 4
 Sophie Germain; 2p+1 is also prime.
Moduli candidates initially produced by
sshkeygen(1) are Sophie
Germain primes (type 4). Further primality testing with
sshkeygen(1) produces
safe prime moduli (type 2) that are ready for use in
sshd(8). Other types are not
used by OpenSSH.


 tests
 Decimal number indicating the type of primality tests that
the number has been subjected to represented as a bitmask of the following
values:
 0x00
 Not tested.
 0x01
 Composite number – not prime.
 0x02
 Sieve of Eratosthenes.
 0x04
 Probabilistic MillerRabin primality tests.
The sshkeygen(1) moduli
candidate generation uses the Sieve of Eratosthenes (flag 0x02).
Subsequent sshkeygen(1)
primality tests are MillerRabin tests (flag 0x04).


 trials
 Decimal number indicating the number of primality trials
that have been performed on the modulus.


 size
 Decimal number indicating the size of the prime in
bits.


 generator
 The recommended generator for use with this modulus
(hexadecimal).


 modulus
 The modulus itself in hexadecimal.
When performing DiffieHellman Group Exchange,
sshd(8) first estimates the size
of the modulus required to produce enough DiffieHellman output to
sufficiently key the selected symmetric cipher.
sshd(8) then randomly selects a
modulus from
/etc/moduli that best meets the
size requirement.
sshkeygen(1),
sshd(8)
M. Friedl,
N. Provos, and W. Simpson,
DiffieHellman Group Exchange for the Secure Shell (SSH)
Transport Layer Protocol, RFC 4419,
March 2006.