From d1320c492f655d8f5baef8c93899d79dded217a5 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 12 May 2021 11:34:30 +0000 Subject: [PATCH] upstream: Clarify language about moduli. While both ends of the connection do need to use the same parameters (ie groups), the DH-GEX protocol takes care of that and both ends do not need the same contents in the moduli file, which is what the previous text suggested. ok djm@ jmc@ OpenBSD-Commit-ID: f0c18cc8e79c2fbf537a432a9070ed94e96a622a --- ssh-keygen.1 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 43c8aa2f5..4e7372745 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.212 2020/11/27 10:12:30 dtucker Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.213 2021/05/12 11:34:30 dtucker Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 27 2020 $ +.Dd $Mdocdate: May 12 2021 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -816,8 +816,7 @@ Valid generator values are 2, 3, and 5. .Pp Screened DH groups may be installed in .Pa /etc/moduli . -It is important that this file contains moduli of a range of bit lengths and -that both ends of a connection share common moduli. +It is important that this file contains moduli of a range of bit lengths. .Pp A number of options are available for moduli generation and screening via the .Fl O