upstream: Clarify language about moduli. While both ends of the

connection do need to use the same parameters (ie groups), the DH-GEX
protocol takes care of that and both ends do not need the same contents in
the moduli file, which is what the previous text suggested.  ok djm@ jmc@

OpenBSD-Commit-ID: f0c18cc8e79c2fbf537a432a9070ed94e96a622a
This commit is contained in:
dtucker@openbsd.org 2021-05-12 11:34:30 +00:00 committed by Damien Miller
parent d3cc4d650c
commit d1320c492f
1 changed files with 3 additions and 4 deletions

View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.212 2020/11/27 10:12:30 dtucker Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.213 2021/05/12 11:34:30 dtucker Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 27 2020 $
.Dd $Mdocdate: May 12 2021 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@ -816,8 +816,7 @@ Valid generator values are 2, 3, and 5.
.Pp
Screened DH groups may be installed in
.Pa /etc/moduli .
It is important that this file contains moduli of a range of bit lengths and
that both ends of a connection share common moduli.
It is important that this file contains moduli of a range of bit lengths.
.Pp
A number of options are available for moduli generation and screening via the
.Fl O