7 files changed, 67 insertions, 38 deletions
diff --git a/ChangeLog b/ChangeLog
index a7abfd587..f72d78985 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,21 @@
 - (djm) Don't fail in defines.h on absence of 64 bit types (we will 
   still fail during compilation of sftp-server).
 - (djm) Fail if ar is not found during configure
+ - (djm) OpenBSD CVS updates:
+   - provos@cvs.openbsd.org  2000/11/22 08:38:31
+     [sshd.8]
+     talk about /etc/primes, okay markus@
+   - markus@cvs.openbsd.org  2000/11/23 14:03:48
+     [ssh.c sshconnect1.c sshconnect2.c]
+     complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
+     defaults
+   - markus@cvs.openbsd.org  2000/11/25 09:42:53
+     [sshconnect1.c]
+     reorder check for illegal ciphers, bugreport from espie@
+   - markus@cvs.openbsd.org  2000/11/25 10:19:34
+     [ssh-keygen.c ssh.h]
+     print keytype when generating a key.
+     reasonable defaults for RSA1/RSA/DSA keys.
 20001125
 - (djm) Give up privs when reading seed file
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5da90035a..89c03d901 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.34 2000/11/15 20:24:43 millert Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.35 2000/11/25 17:19:33 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -67,9 +67,8 @@ int convert_to_ssh2 = 0;
 int convert_from_ssh2 = 0;
 int print_public = 0;
-/* key type */
+/* default to RSA for SSH-1 */
-int dsa_mode = 0;               /* compat */
+char *key_type_name = "rsa1";
-char *key_type_name = NULL;
 /* argv0 */
 #ifdef HAVE___PROGNAME
@@ -84,9 +83,24 @@ void
 ask_filename(struct passwd *pw, const char *prompt)
 {
        char buf[1024];
-        snprintf(identity_file, sizeof(identity_file), "%s/%s",
+        char *name = NULL;
-            pw->pw_dir,
-            dsa_mode ? SSH_CLIENT_ID_DSA: SSH_CLIENT_IDENTITY);
+        switch (key_type_from_name(key_type_name)) {
+        case KEY_RSA1:
+                name = SSH_CLIENT_IDENTITY;
+                break;
+        case KEY_DSA:
+                name = SSH_CLIENT_ID_DSA;
+                break;
+        case KEY_RSA:
+                name = SSH_CLIENT_ID_RSA;
+                break;
+        default:
+                fprintf(stderr, "bad key type");
+                exit(1);
+                break;
+        }
+        snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
        printf("%s (%s): ", prompt, identity_file);
        fflush(stdout);
        if (fgets(buf, sizeof(buf), stdin) == NULL)
@@ -600,10 +614,9 @@ main(int ac, char **av)
 {
        char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;
        struct passwd *pw;
-        int opt;
+        int opt, type;
        struct stat st;
        FILE *f;
-        int type = KEY_RSA1;
        Key *private;
        Key *public;
@@ -688,12 +701,10 @@ main(int ac, char **av)
                case 'd':
                        key_type_name = "dsa";
-                        dsa_mode = 1;
                        break;
                case 't':
                        key_type_name = optarg;
-                        dsa_mode = (strcmp(optarg, "dsa") == 0);
                        break;
                case '?':
@@ -724,15 +735,13 @@ main(int ac, char **av)
        arc4random_stir();
-        if (key_type_name != NULL) {
+        type = key_type_from_name(key_type_name);
-                type = key_type_from_name(key_type_name);
+        if (type == KEY_UNSPEC) {
-                if (type == KEY_UNSPEC) {
+                fprintf(stderr, "unknown key type %s\n", key_type_name);
-                        fprintf(stderr, "unknown key type %s\n", key_type_name);
+                exit(1);
-                        exit(1);
-                }
        }
        if (!quiet)
-                printf("Generating public/private key pair.\n");
+                printf("Generating public/private %s key pair.\n", key_type_name);
        private = key_generate(type, bits);
        if (private == NULL) {
                fprintf(stderr, "key_generate failed");
diff --git a/ssh.c b/ssh.c
index b41c87e12..3af5e0378 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.74 2000/11/23 21:03:47 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -427,12 +427,18 @@ main(int ac, char **av)
                                options.cipher = SSH_CIPHER_ILLEGAL;
                        } else {
                                /* SSH1 only */
-                                Cipher *c = cipher_by_name(optarg);
+                                options.cipher = cipher_number(optarg);
-                                if (c == NULL || c->number < 0) {
+                                if (options.cipher == -1) {
                                        fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
                                        exit(1);
                                }
-                                options.cipher = c->number;
+                                if (options.cipher == SSH_CIPHER_3DES) {
+                                        options.ciphers = "3des-cbc";
+                                } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
+                                        options.ciphers = "blowfish-cbc";
+                                } else {
+                                        options.ciphers = (char *)-1;
+                                }
                        }
                        break;
                case 'p':
diff --git a/ssh.h b/ssh.h
index 78254e45a..bb103fe4d 100644
--- a/ssh.h
+++ b/ssh.h
@@ -12,7 +12,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: ssh.h,v 1.54 2000/10/11 20:27:24 markus Exp $"); */
+/* RCSID("$OpenBSD: ssh.h,v 1.55 2000/11/25 17:19:33 markus Exp $"); */
 #ifndef SSH_H
 #define SSH_H
@@ -144,6 +144,7 @@
 */
 #define SSH_CLIENT_IDENTITY     ".ssh/identity"
 #define SSH_CLIENT_ID_DSA       ".ssh/id_dsa"
+#define SSH_CLIENT_ID_RSA       ".ssh/id_rsa"
 /*
 * Configuration file in user\'s home directory.  This file need not be
diff --git a/sshconnect1.c b/sshconnect1.c
index 227e10b4b..709329713 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.9 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.11 2000/11/25 16:42:53 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -833,13 +833,14 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
        RSA_free(public_key);
        RSA_free(host_key);
-        if (options.cipher == SSH_CIPHER_ILLEGAL) {
+        if (options.cipher == SSH_CIPHER_NOT_SET) {
+                if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
+                        options.cipher = ssh_cipher_default;
+        } else if (options.cipher == SSH_CIPHER_ILLEGAL ||
+            !(cipher_mask_ssh1(1) & (1 << options.cipher))) {
                log("No valid SSH1 cipher, using %.100s instead.",
                    cipher_name(ssh_cipher_default));
                options.cipher = ssh_cipher_default;
-        } else if (options.cipher == SSH_CIPHER_NOT_SET) {
-                if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
-                        options.cipher = ssh_cipher_default;
        }
        /* Check that the selected cipher is supported. */
        if (!(supported_ciphers & (1 << options.cipher)))
diff --git a/sshconnect2.c b/sshconnect2.c
index bb4774aa4..69d9c49e3 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.28 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -74,14 +74,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        Buffer *client_kexinit, *server_kexinit;
        char *sprop[PROPOSAL_MAX];
-        if (options.ciphers == NULL) {
+        if (options.ciphers == (char *)-1) {
-                if (options.cipher == SSH_CIPHER_3DES) {
+                log("No valid ciphers for protocol version 2 given, using defaults.");
-                        options.ciphers = "3des-cbc";
+                options.ciphers = NULL;
-                } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
-                        options.ciphers = "blowfish-cbc";
-                } else if (options.cipher == SSH_CIPHER_DES) {
-                        fatal("cipher DES not supported for protocol version 2");
-                }
        }
        if (options.ciphers != NULL) {
                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
diff --git a/sshd.8 b/sshd.8
index 823282018..48d6be204 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.72 2000/11/12 19:50:38 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.73 2000/11/22 15:38:30 provos Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -885,6 +885,8 @@ really used for anything; it is only provided for the convenience of
 the user so its contents can be copied to known hosts files.
 These two files are created using
 .Xr ssh-keygen 1 .
+.It Pa /etc/primes
+Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
 .It Pa /var/run/sshd.pid
 Contains the process ID of the
 .Nm

diff --git a/ChangeLog b/ChangeLog index a7abfd587..f72d78985 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -4,6 +4,21 @@
4	- (djm) Don't fail in defines.h on absence of 64 bit types (we will	4	- (djm) Don't fail in defines.h on absence of 64 bit types (we will
5	still fail during compilation of sftp-server).	5	still fail during compilation of sftp-server).
6	- (djm) Fail if ar is not found during configure	6	- (djm) Fail if ar is not found during configure
		7	- (djm) OpenBSD CVS updates:
		8	- provos@cvs.openbsd.org 2000/11/22 08:38:31
		9	[sshd.8]
		10	talk about /etc/primes, okay markus@
		11	- markus@cvs.openbsd.org 2000/11/23 14:03:48
		12	[ssh.c sshconnect1.c sshconnect2.c]
		13	complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
		14	defaults
		15	- markus@cvs.openbsd.org 2000/11/25 09:42:53
		16	[sshconnect1.c]
		17	reorder check for illegal ciphers, bugreport from espie@
		18	- markus@cvs.openbsd.org 2000/11/25 10:19:34
		19	[ssh-keygen.c ssh.h]
		20	print keytype when generating a key.
		21	reasonable defaults for RSA1/RSA/DSA keys.
7		22
8	20001125	23	20001125
9	- (djm) Give up privs when reading seed file	24	- (djm) Give up privs when reading seed file


diff --git a/ssh-keygen.c b/ssh-keygen.c index 5da90035a..89c03d901 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12	*/	12	*/
13		13
14	#include "includes.h"	14	#include "includes.h"
15	RCSID("$OpenBSD: ssh-keygen.c,v 1.34 2000/11/15 20:24:43 millert Exp $");	15	RCSID("$OpenBSD: ssh-keygen.c,v 1.35 2000/11/25 17:19:33 markus Exp $");
16		16
17	#include <openssl/evp.h>	17	#include <openssl/evp.h>
18	#include <openssl/pem.h>	18	#include <openssl/pem.h>
@@ -67,9 +67,8 @@ int convert_to_ssh2 = 0;
67	int convert_from_ssh2 = 0;	67	int convert_from_ssh2 = 0;
68	int print_public = 0;	68	int print_public = 0;
69		69
70	/* key type */	70	/* default to RSA for SSH-1 */
71	int dsa_mode = 0; /* compat */	71	char *key_type_name = "rsa1";
72	char *key_type_name = NULL;
73		72
74	/* argv0 */	73	/* argv0 */
75	#ifdef HAVE___PROGNAME	74	#ifdef HAVE___PROGNAME
@@ -84,9 +83,24 @@ void
84	ask_filename(struct passwd pw, const char prompt)	83	ask_filename(struct passwd pw, const char prompt)
85	{	84	{
86	char buf[1024];	85	char buf[1024];
87	snprintf(identity_file, sizeof(identity_file), "%s/%s",	86	char *name = NULL;
88	pw->pw_dir,	87
89	dsa_mode ? SSH_CLIENT_ID_DSA: SSH_CLIENT_IDENTITY);	88	switch (key_type_from_name(key_type_name)) {
		89	case KEY_RSA1:
		90	name = SSH_CLIENT_IDENTITY;
		91	break;
		92	case KEY_DSA:
		93	name = SSH_CLIENT_ID_DSA;
		94	break;
		95	case KEY_RSA:
		96	name = SSH_CLIENT_ID_RSA;
		97	break;
		98	default:
		99	fprintf(stderr, "bad key type");
		100	exit(1);
		101	break;
		102	}
		103	snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
90	printf("%s (%s): ", prompt, identity_file);	104	printf("%s (%s): ", prompt, identity_file);
91	fflush(stdout);	105	fflush(stdout);
92	if (fgets(buf, sizeof(buf), stdin) == NULL)	106	if (fgets(buf, sizeof(buf), stdin) == NULL)
@@ -600,10 +614,9 @@ main(int ac, char **av)
600	{	614	{
601	char dotsshdir[16 * 1024], comment[1024], passphrase1, passphrase2;	615	char dotsshdir[16 * 1024], comment[1024], passphrase1, passphrase2;
602	struct passwd *pw;	616	struct passwd *pw;
603	int opt;	617	int opt, type;
604	struct stat st;	618	struct stat st;
605	FILE *f;	619	FILE *f;
606	int type = KEY_RSA1;
607	Key *private;	620	Key *private;
608	Key *public;	621	Key *public;
609		622
@@ -688,12 +701,10 @@ main(int ac, char **av)
688		701
689	case 'd':	702	case 'd':
690	key_type_name = "dsa";	703	key_type_name = "dsa";
691	dsa_mode = 1;
692	break;	704	break;
693		705
694	case 't':	706	case 't':
695	key_type_name = optarg;	707	key_type_name = optarg;
696	dsa_mode = (strcmp(optarg, "dsa") == 0);
697	break;	708	break;
698		709
699	case '?':	710	case '?':
@@ -724,15 +735,13 @@ main(int ac, char **av)
724		735
725	arc4random_stir();	736	arc4random_stir();
726		737
727	if (key_type_name != NULL) {	738	type = key_type_from_name(key_type_name);
728	type = key_type_from_name(key_type_name);	739	if (type == KEY_UNSPEC) {
729	if (type == KEY_UNSPEC) {	740	fprintf(stderr, "unknown key type %s\n", key_type_name);
730	fprintf(stderr, "unknown key type %s\n", key_type_name);	741	exit(1);
731	exit(1);
732	}
733	}	742	}
734	if (!quiet)	743	if (!quiet)
735	printf("Generating public/private key pair.\n");	744	printf("Generating public/private %s key pair.\n", key_type_name);
736	private = key_generate(type, bits);	745	private = key_generate(type, bits);
737	if (private == NULL) {	746	if (private == NULL) {
738	fprintf(stderr, "key_generate failed");	747	fprintf(stderr, "key_generate failed");


diff --git a/ssh.c b/ssh.c index b41c87e12..3af5e0378 100644 --- a/ssh.c +++ b/ssh.c
@@ -39,7 +39,7 @@
39	*/	39	*/
40		40
41	#include "includes.h"	41	#include "includes.h"
42	RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");	42	RCSID("$OpenBSD: ssh.c,v 1.74 2000/11/23 21:03:47 markus Exp $");
43		43
44	#include <openssl/evp.h>	44	#include <openssl/evp.h>
45	#include <openssl/dsa.h>	45	#include <openssl/dsa.h>
@@ -427,12 +427,18 @@ main(int ac, char **av)
427	options.cipher = SSH_CIPHER_ILLEGAL;	427	options.cipher = SSH_CIPHER_ILLEGAL;
428	} else {	428	} else {
429	/* SSH1 only */	429	/* SSH1 only */
430	Cipher *c = cipher_by_name(optarg);	430	options.cipher = cipher_number(optarg);
431	if (c == NULL \|\| c->number < 0) {	431	if (options.cipher == -1) {
432	fprintf(stderr, "Unknown cipher type '%s'\n", optarg);	432	fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
433	exit(1);	433	exit(1);
434	}	434	}
435	options.cipher = c->number;	435	if (options.cipher == SSH_CIPHER_3DES) {
		436	options.ciphers = "3des-cbc";
		437	} else if (options.cipher == SSH_CIPHER_BLOWFISH) {
		438	options.ciphers = "blowfish-cbc";
		439	} else {
		440	options.ciphers = (char *)-1;
		441	}
436	}	442	}
437	break;	443	break;
438	case 'p':	444	case 'p':


diff --git a/ssh.h b/ssh.h index 78254e45a..bb103fe4d 100644 --- a/ssh.h +++ b/ssh.h
@@ -12,7 +12,7 @@
12	* called by a name other than "ssh" or "Secure Shell".	12	* called by a name other than "ssh" or "Secure Shell".
13	*/	13	*/
14		14
15	/* RCSID("$OpenBSD: ssh.h,v 1.54 2000/10/11 20:27:24 markus Exp $"); */	15	/* RCSID("$OpenBSD: ssh.h,v 1.55 2000/11/25 17:19:33 markus Exp $"); */
16		16
17	#ifndef SSH_H	17	#ifndef SSH_H
18	#define SSH_H	18	#define SSH_H
@@ -144,6 +144,7 @@
144	*/	144	*/
145	#define SSH_CLIENT_IDENTITY ".ssh/identity"	145	#define SSH_CLIENT_IDENTITY ".ssh/identity"
146	#define SSH_CLIENT_ID_DSA ".ssh/id_dsa"	146	#define SSH_CLIENT_ID_DSA ".ssh/id_dsa"
		147	#define SSH_CLIENT_ID_RSA ".ssh/id_rsa"
147		148
148	/*	149	/*
149	* Configuration file in user\'s home directory. This file need not be	150	* Configuration file in user\'s home directory. This file need not be


diff --git a/sshconnect1.c b/sshconnect1.c index 227e10b4b..709329713 100644 --- a/sshconnect1.c +++ b/sshconnect1.c
@@ -13,7 +13,7 @@
13	*/	13	*/
14		14
15	#include "includes.h"	15	#include "includes.h"
16	RCSID("$OpenBSD: sshconnect1.c,v 1.9 2000/11/12 19:50:38 markus Exp $");	16	RCSID("$OpenBSD: sshconnect1.c,v 1.11 2000/11/25 16:42:53 markus Exp $");
17		17
18	#include <openssl/bn.h>	18	#include <openssl/bn.h>
19	#include <openssl/dsa.h>	19	#include <openssl/dsa.h>
@@ -833,13 +833,14 @@ ssh_kex(char host, struct sockaddr hostaddr)
833	RSA_free(public_key);	833	RSA_free(public_key);
834	RSA_free(host_key);	834	RSA_free(host_key);
835		835
836	if (options.cipher == SSH_CIPHER_ILLEGAL) {	836	if (options.cipher == SSH_CIPHER_NOT_SET) {
		837	if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
		838	options.cipher = ssh_cipher_default;
		839	} else if (options.cipher == SSH_CIPHER_ILLEGAL \|\|
		840	!(cipher_mask_ssh1(1) & (1 << options.cipher))) {
837	log("No valid SSH1 cipher, using %.100s instead.",	841	log("No valid SSH1 cipher, using %.100s instead.",
838	cipher_name(ssh_cipher_default));	842	cipher_name(ssh_cipher_default));
839	options.cipher = ssh_cipher_default;	843	options.cipher = ssh_cipher_default;
840	} else if (options.cipher == SSH_CIPHER_NOT_SET) {
841	if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
842	options.cipher = ssh_cipher_default;
843	}	844	}
844	/* Check that the selected cipher is supported. */	845	/* Check that the selected cipher is supported. */
845	if (!(supported_ciphers & (1 << options.cipher)))	846	if (!(supported_ciphers & (1 << options.cipher)))


diff --git a/sshconnect2.c b/sshconnect2.c index bb4774aa4..69d9c49e3 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: sshconnect2.c,v 1.28 2000/11/12 19:50:38 markus Exp $");	26	RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $");
27		27
28	#include <openssl/bn.h>	28	#include <openssl/bn.h>
29	#include <openssl/rsa.h>	29	#include <openssl/rsa.h>
@@ -74,14 +74,9 @@ ssh_kex2(char host, struct sockaddr hostaddr)
74	Buffer client_kexinit, server_kexinit;	74	Buffer client_kexinit, server_kexinit;
75	char *sprop[PROPOSAL_MAX];	75	char *sprop[PROPOSAL_MAX];
76		76
77	if (options.ciphers == NULL) {	77	if (options.ciphers == (char *)-1) {
78	if (options.cipher == SSH_CIPHER_3DES) {	78	log("No valid ciphers for protocol version 2 given, using defaults.");
79	options.ciphers = "3des-cbc";	79	options.ciphers = NULL;
80	} else if (options.cipher == SSH_CIPHER_BLOWFISH) {
81	options.ciphers = "blowfish-cbc";
82	} else if (options.cipher == SSH_CIPHER_DES) {
83	fatal("cipher DES not supported for protocol version 2");
84	}
85	}	80	}
86	if (options.ciphers != NULL) {	81	if (options.ciphers != NULL) {
87	myproposal[PROPOSAL_ENC_ALGS_CTOS] =	82	myproposal[PROPOSAL_ENC_ALGS_CTOS] =


diff --git a/sshd.8 b/sshd.8 index 823282018..48d6be204 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.72 2000/11/12 19:50:38 markus Exp $	37	.\" $OpenBSD: sshd.8,v 1.73 2000/11/22 15:38:30 provos Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -885,6 +885,8 @@ really used for anything; it is only provided for the convenience of
885	the user so its contents can be copied to known hosts files.	885	the user so its contents can be copied to known hosts files.
886	These two files are created using	886	These two files are created using
887	.Xr ssh-keygen 1 .	887	.Xr ssh-keygen 1 .
		888	.It Pa /etc/primes
		889	Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
888	.It Pa /var/run/sshd.pid	890	.It Pa /var/run/sshd.pid
889	Contains the process ID of the	891	Contains the process ID of the
890	.Nm	892	.Nm