Путеводитель по Руководству Linux
  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |


   ssh-keygen    ( 1 )

утилита ключа аутентификации OpenSSH (OpenSSH authentication key utility)
  Name  |  Synopsis  |  Description  |    Moduli generation    |  Certificates  |  Key revocation lists  |  Allowed signers  |  Environment  |  Files  |  See also  |

MODULI GENERATION

ssh-keygen may be used to generate groups for the Diffie-Hellman
     Group Exchange (DH-GEX) protocol.  Generating these groups is a
     two-step process: first, candidate primes are generated using a
     fast, but memory intensive process.  These candidate primes are
     then tested for suitability (a CPU-intensive process).


     Generation of primes is performed using the -M generate option.
     The desired length of the primes may be specified by the -O bits
     option.  For example:


           # ssh-keygen -M generate -O bits=2048 moduli-2048.candidates


     By default, the search for primes begins at a random point in the
     desired length range.  This may be overridden using the -O start
     option, which specifies a different start point (in hex).


     Once a set of candidates have been generated, they must be screened
     for suitability.  This may be performed using the -M screen option.
     In this mode ssh-keygen will read candidates from standard input
     (or a file specified using the -f option).  For example:


           # ssh-keygen -M screen -f moduli-2048.candidates moduli-2048


     By default, each candidate will be subjected to 100 primality
     tests.  This may be overridden using the -O prime-tests option.
     The DH generator value will be chosen automatically for the prime
     under consideration.  If a specific generator is desired, it may be
     requested using the -O generator option.  Valid generator values
     are 2, 3, and 5.


     Screened DH groups may be installed in /etc/moduli.  It is
     important that this file contains moduli of a range of bit lengths.


     A number of options are available for moduli generation and
     screening via the -O flag:


     lines=number
             Exit after screening the specified number of lines while
             performing DH candidate screening.


     start-line=line-number
             Start screening at the specified line number while
             performing DH candidate screening.


     checkpoint=filename
             Write the last line processed to the specified file while
             performing DH candidate screening.  This will be used to
             skip lines in the input file that have already been
             processed if the job is restarted.


     memory=mbytes
             Specify the amount of memory to use (in megabytes) when
             generating candidate moduli for DH-GEX.


     start=hex-value
             Specify start point (in hex) when generating candidate
             moduli for DH-GEX.


     generator=value
             Specify desired generator (in decimal) when testing
             candidate moduli for DH-GEX.