- djm@cvs.openbsd.org 2003/07/28 09:49:56

[ssh-keygen.1 ssh-keygen.c] Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen. Based on code from Phil Karn, William Allen Simpson and Niels Provos. ok markus@, thanks jmc@
author: Darren Tucker <dtucker@zip.com.au> 2003-08-02 22:40:07 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2003-08-02 22:40:07 +1000
commit: 019cefeaadc06a3664076cae10aedae4aed13911 (patch)
tree: 764f9301bf2bd62662ef43beef8d5af1622983d5 /ssh-keygen.1
parent: c20c60bc99ea5e1b94236c1b3f00a8f4514a21f6 (diff)
1 files changed, 99 insertions, 1 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index fc6b5a5e0..dc4bcacd0 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.59 2003/06/10 09:12:11 jmc Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -87,6 +87,16 @@
 .Fl r Ar hostname
 .Op Fl f Ar input_keyfile
 .Op Fl g
+.Nm ssh-keygen
+.Fl G Ar output_file
+.Op Fl b Ar bits
+.Op Fl M Ar memory
+.Op Fl S Ar start_point
+.Nm ssh-keygen
+.Fl T Ar output_file
+.Fl f Ar input_file
+.Op Fl a Ar num_trials
+.Op Fl W Ar generator
 .Sh DESCRIPTION
 .Nm
 generates, manages and converts authentication keys for
@@ -98,6 +108,13 @@ The type of key to be generated is specified with the
 .Fl t
 option.
 .Pp
+.Nm
+is also used to generate groups for use in Diffie-Hellman group
+exchange (DH-GEX).
+See the
+.Sx MODULI GENERATION
+section for details.
+.Pp
 Normally each user wishing to use SSH
 with RSA or DSA authentication runs this once to create the authentication
 key in
@@ -150,6 +167,11 @@ should be placed to be activated.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl a Ar trials
+Specifies the number of primality tests to perform when screening DH-GEX
+candidates using the
+.Fl T
+command.
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
 Minimum is 512 bits.
@@ -217,10 +239,27 @@ Provides the new comment.
 .It Fl D Ar reader
 Download the RSA public key stored in the smartcard in
 .Ar reader .
+.It Fl G Ar output_file
+Generate candidate primes for DH-GEX.
+These primes must be screened for
+safety (using the
+.Fl T
+option) before use.
+.It Fl M Ar memory
+Specify the amount of memory to use (in megabytes) when generating
+candidate moduli for DH-GEX.
 .It Fl N Ar new_passphrase
 Provides the new passphrase.
 .It Fl P Ar passphrase
 Provides the (old) passphrase.
+.It Fl S Ar start
+Specify start point (in hex) when generating candidate moduli for DH-GEX.
+.It Fl T Ar output_file
+Test DH group exchange candidate primes (generated using the
+.Fl G
+option) for safety.
+.It Fl W Ar generator
+Specify desired generator when testing candidate moduli for DH-GEX.
 .It Fl U Ar reader
 Upload an existing RSA private key into the smartcard in
 .Ar reader .
@@ -228,6 +267,60 @@ Upload an existing RSA private key into the smartcard in
 Print DNS resource record with the specified
 .Ar hostname .
 .El
+.Sh MODULI GENERATION
+.Nm
+may be used to generate groups for the Diffie-Hellman Group Exchange
+(DH-GEX) protocol.
+Generating these groups is a two-step process: first, candidate
+primes are generated using a fast, but memory intensive process.
+These candidate primes are then tested for suitability (a CPU-intensive
+process).
+.Pp
+Generation of primes is performed using the
+.Fl G
+option.
+The desired length of the primes may be specified by the
+.Fl b
+option.
+For example:
+.Pp
+.Dl ssh-keygen -G moduli-2048.candidates -b 2048
+.Pp
+By default, the search for primes begins at a random point in the
+desired length range.
+This may be overridden using the
+.Fl S
+option, which specifies a different start point (in hex).
+.Pp
+Once a set of candidates have been generated, they must be tested for
+suitability.
+This may be performed using the
+.Fl T
+option.
+In this mode
+.Nm
+will read candidates from standard input (or a file specified using the
+.Fl f
+option).
+For example:
+.Pp
+.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
+.Pp
+By default, each candidate will be subjected to 100 primality tests.
+This may be overridden using the
+.Fl a
+option.
+The DH generator value will be chosen automatically for the
+prime under consideration.
+If a specific generator is desired, it may be requested using the
+.Fl W
+option.
+Valid generator values are 2, 3 and 5.
+.Pp
+Screened DH groups may be installed in
+.Pa /etc/moduli .
+It is important that this file contains moduli of a range of bit lengths and
+that both ends of a connection share common moduli.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa $HOME/.ssh/identity
@@ -284,11 +377,16 @@ The contents of this file should be added to
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
+.It Pa /etc/moduli
+Contains Diffie-Hellman groups used for DH-GEX.
+The file format is described in
+.Xr moduli 5 .
 .El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
+.Xr moduli 5 ,
 .Xr sshd 8
 .Rs
 .%A J. Galbraith
author	Darren Tucker <dtucker@zip.com.au>	2003-08-02 22:40:07 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2003-08-02 22:40:07 +1000
commit	019cefeaadc06a3664076cae10aedae4aed13911 (patch)
tree	764f9301bf2bd62662ef43beef8d5af1622983d5 /ssh-keygen.1
parent	c20c60bc99ea5e1b94236c1b3f00a8f4514a21f6 (diff)

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index fc6b5a5e0..dc4bcacd0 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.59 2003/06/10 09:12:11 jmc Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -87,6 +87,16 @@
87	.Fl r Ar hostname	87	.Fl r Ar hostname
88	.Op Fl f Ar input_keyfile	88	.Op Fl f Ar input_keyfile
89	.Op Fl g	89	.Op Fl g
		90	.Nm ssh-keygen
		91	.Fl G Ar output_file
		92	.Op Fl b Ar bits
		93	.Op Fl M Ar memory
		94	.Op Fl S Ar start_point
		95	.Nm ssh-keygen
		96	.Fl T Ar output_file
		97	.Fl f Ar input_file
		98	.Op Fl a Ar num_trials
		99	.Op Fl W Ar generator
90	.Sh DESCRIPTION	100	.Sh DESCRIPTION
91	.Nm	101	.Nm
92	generates, manages and converts authentication keys for	102	generates, manages and converts authentication keys for
@@ -98,6 +108,13 @@ The type of key to be generated is specified with the
98	.Fl t	108	.Fl t
99	option.	109	option.
100	.Pp	110	.Pp
		111	.Nm
		112	is also used to generate groups for use in Diffie-Hellman group
		113	exchange (DH-GEX).
		114	See the
		115	.Sx MODULI GENERATION
		116	section for details.
		117	.Pp
101	Normally each user wishing to use SSH	118	Normally each user wishing to use SSH
102	with RSA or DSA authentication runs this once to create the authentication	119	with RSA or DSA authentication runs this once to create the authentication
103	key in	120	key in
@@ -150,6 +167,11 @@ should be placed to be activated.
150	.Pp	167	.Pp
151	The options are as follows:	168	The options are as follows:
152	.Bl -tag -width Ds	169	.Bl -tag -width Ds
		170	.It Fl a Ar trials
		171	Specifies the number of primality tests to perform when screening DH-GEX
		172	candidates using the
		173	.Fl T
		174	command.
153	.It Fl b Ar bits	175	.It Fl b Ar bits
154	Specifies the number of bits in the key to create.	176	Specifies the number of bits in the key to create.
155	Minimum is 512 bits.	177	Minimum is 512 bits.
@@ -217,10 +239,27 @@ Provides the new comment.
217	.It Fl D Ar reader	239	.It Fl D Ar reader
218	Download the RSA public key stored in the smartcard in	240	Download the RSA public key stored in the smartcard in
219	.Ar reader .	241	.Ar reader .
		242	.It Fl G Ar output_file
		243	Generate candidate primes for DH-GEX.
		244	These primes must be screened for
		245	safety (using the
		246	.Fl T
		247	option) before use.
		248	.It Fl M Ar memory
		249	Specify the amount of memory to use (in megabytes) when generating
		250	candidate moduli for DH-GEX.
220	.It Fl N Ar new_passphrase	251	.It Fl N Ar new_passphrase
221	Provides the new passphrase.	252	Provides the new passphrase.
222	.It Fl P Ar passphrase	253	.It Fl P Ar passphrase
223	Provides the (old) passphrase.	254	Provides the (old) passphrase.
		255	.It Fl S Ar start
		256	Specify start point (in hex) when generating candidate moduli for DH-GEX.
		257	.It Fl T Ar output_file
		258	Test DH group exchange candidate primes (generated using the
		259	.Fl G
		260	option) for safety.
		261	.It Fl W Ar generator
		262	Specify desired generator when testing candidate moduli for DH-GEX.
224	.It Fl U Ar reader	263	.It Fl U Ar reader
225	Upload an existing RSA private key into the smartcard in	264	Upload an existing RSA private key into the smartcard in
226	.Ar reader .	265	.Ar reader .
@@ -228,6 +267,60 @@ Upload an existing RSA private key into the smartcard in
228	Print DNS resource record with the specified	267	Print DNS resource record with the specified
229	.Ar hostname .	268	.Ar hostname .
230	.El	269	.El
		270	.Sh MODULI GENERATION
		271	.Nm
		272	may be used to generate groups for the Diffie-Hellman Group Exchange
		273	(DH-GEX) protocol.
		274	Generating these groups is a two-step process: first, candidate
		275	primes are generated using a fast, but memory intensive process.
		276	These candidate primes are then tested for suitability (a CPU-intensive
		277	process).
		278	.Pp
		279	Generation of primes is performed using the
		280	.Fl G
		281	option.
		282	The desired length of the primes may be specified by the
		283	.Fl b
		284	option.
		285	For example:
		286	.Pp
		287	.Dl ssh-keygen -G moduli-2048.candidates -b 2048
		288	.Pp
		289	By default, the search for primes begins at a random point in the
		290	desired length range.
		291	This may be overridden using the
		292	.Fl S
		293	option, which specifies a different start point (in hex).
		294	.Pp
		295	Once a set of candidates have been generated, they must be tested for
		296	suitability.
		297	This may be performed using the
		298	.Fl T
		299	option.
		300	In this mode
		301	.Nm
		302	will read candidates from standard input (or a file specified using the
		303	.Fl f
		304	option).
		305	For example:
		306	.Pp
		307	.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
		308	.Pp
		309	By default, each candidate will be subjected to 100 primality tests.
		310	This may be overridden using the
		311	.Fl a
		312	option.
		313	The DH generator value will be chosen automatically for the
		314	prime under consideration.
		315	If a specific generator is desired, it may be requested using the
		316	.Fl W
		317	option.
		318	Valid generator values are 2, 3 and 5.
		319	.Pp
		320	Screened DH groups may be installed in
		321	.Pa /etc/moduli .
		322	It is important that this file contains moduli of a range of bit lengths and
		323	that both ends of a connection share common moduli.
231	.Sh FILES	324	.Sh FILES
232	.Bl -tag -width Ds	325	.Bl -tag -width Ds
233	.It Pa $HOME/.ssh/identity	326	.It Pa $HOME/.ssh/identity
@@ -284,11 +377,16 @@ The contents of this file should be added to
284	on all machines	377	on all machines
285	where the user wishes to log in using public key authentication.	378	where the user wishes to log in using public key authentication.
286	There is no need to keep the contents of this file secret.	379	There is no need to keep the contents of this file secret.
		380	.It Pa /etc/moduli
		381	Contains Diffie-Hellman groups used for DH-GEX.
		382	The file format is described in
		383	.Xr moduli 5 .
287	.El	384	.El
288	.Sh SEE ALSO	385	.Sh SEE ALSO
289	.Xr ssh 1 ,	386	.Xr ssh 1 ,
290	.Xr ssh-add 1 ,	387	.Xr ssh-add 1 ,
291	.Xr ssh-agent 1 ,	388	.Xr ssh-agent 1 ,
		389	.Xr moduli 5 ,
292	.Xr sshd 8	390	.Xr sshd 8
293	.Rs	391	.Rs
294	.%A J. Galbraith	392	.%A J. Galbraith