Main index  Section 5  Options 
New moduli may be generated with sshkeygen(1) using a twostep process. An initial candidate generation pass, using sshkeygen G, calculates numbers that are likely to be useful. A second primality testing pass, using sshkeygen T, provides a high degree of assurance that the numbers are prime and are safe for use in DiffieHellman operations by sshd(8). This moduli format is used as the output from each pass.
The file consists of newlineseparated records, one per modulus, containing seven spaceseparated fields. These fields are as follows:
timestamp  The time that the modulus was last processed as YYYYMMDDHHMMSS. 
type 
Decimal number specifying the internal structure of the prime modulus.
Supported types are:

0  Unknown, not tested. 
2  "Safe" prime; (p1)/2 is also prime. 
4  Sophie Germain; 2p+1 is also prime. 
Moduli candidates initially produced by sshkeygen(1) are Sophie Germain primes (type 4). Further primality testing with sshkeygen(1) produces safe prime moduli (type 2) that are ready for use in sshd(8). Other types are not used by OpenSSH.
tests 
Decimal number indicating the type of primality tests that the number
has been subjected to represented as a bitmask of the following values:

0x00  Not tested. 
0x01  Composite number  not prime. 
0x02  Sieve of Eratosthenes. 
0x04  Probabilistic MillerRabin primality tests. 
The sshkeygen(1) moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02). Subsequent sshkeygen(1) primality tests are MillerRabin tests (flag 0x04).
trials  
Decimal number indicating the number of primality trials that have been performed on the modulus.  
size  Decimal number indicating the size of the prime in bits. 
generator  
The recommended generator for use with this modulus (hexadecimal).  
modulus  
The modulus itself in hexadecimal.  
When performing DiffieHellman Group Exchange, sshd(8) first estimates the size of the modulus required to produce enough DiffieHellman output to sufficiently key the selected symmetric cipher. sshd(8) then randomly selects a modulus from /etc/ssh/moduli that best meets the size requirement.
RFC 4419, DiffieHellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol, 2006.
MODULI (5)  July 19, 2012 
Main index  Section 5  Options 
Please direct any comments about this manual page service to Ben Bullock.
“  To err is human...to really foul up requires the root password.  ” 