Guide to the Linux Manual




ssh-keygen(1)

OpenSSH authentication key utility


MODULI GENERATION

ssh-keygen may be used to generate groups for the Diffie-Hellman Group Exchange (DH-GEX) protocol. Generating these groups is a two-step process: first, candidate primes are generated using a fast but memory-intensive process. These candidate primes are then tested for suitability (a CPU-intensive process).

Generation of primes is performed using the -M generate option. The desired length of the primes may be specified by the -O bits option. For example:

# ssh-keygen -M generate -O bits=2048 moduli-2048.candidates

By default, the search for primes begins at a random point in the desired length range. This may be overridden using the -O start option, which specifies a different start point (in hex).

Once a set of candidates has been generated, they must be screened for suitability. This may be performed using the -M screen option. In this mode ssh-keygen will read candidates from standard input (or a file specified using the -f option). For example:

# ssh-keygen -M screen -f moduli-2048.candidates moduli-2048

By default, each candidate will be subjected to 100 primality tests. This may be overridden using the -O prime-tests option. The DH generator value will be chosen automatically for the prime under consideration. If a specific generator is desired, it may be requested using the -O generator option. Valid generator values are 2, 3, and 5.

Screened DH groups may be installed in /etc/moduli. It is important that this file contains moduli of a range of bit lengths.
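The two-step workflow above, followed by a check of the screened file before it is installed as /etc/moduli, as an added shell example that is not part of the man page. It assumes POSIX sh and mktemp; the function names dhgex_build and dhgex_coverage, the sample lines and the placeholder modulus values are constructed for illustration. The check relies on the moduli(5) line layout (time, type, tests, tries, size, generator, modulus): screened entries carry the probabilistic-test flag 0x04 in the tests field and a generator of 2, 3 or 5, whereas raw candidates carry only the sieve flag 0x02 and generator 0.

```shell
#!/bin/sh
# Added example, not from the ssh-keygen(1) man page. Assumes POSIX sh and
# mktemp; ssh-keygen itself is only called by dhgex_build, which is defined
# but not run here because generating 2048-bit candidates takes hours.

# The two-step workflow from the man page: generate candidates of $1 bits
# into a .candidates file, then screen them into the output file $2.
# The checkpoint file lets an interrupted screen run resume where it stopped.
dhgex_build() {
    bits=$1
    out=$2
    ssh-keygen -M generate -O bits="$bits" "moduli-$bits.candidates"
    ssh-keygen -M screen -O checkpoint="moduli-$bits.checkpoint" \
        -f "moduli-$bits.candidates" "$out"
}

# Sanity-check a moduli(5)-format file before installing it as /etc/moduli.
# Fields per line: time type tests tries size generator modulus.
# A line is accepted only if its generator is 2, 3 or 5 and its tests
# bitmask includes 0x04 (the probabilistic primality test -M screen runs);
# unscreened candidates carry only the sieve flag 0x02 and generator 0.
# Succeeds when no line was rejected and at least $2 distinct sizes
# (default 3) are present, since /etc/moduli should span several lengths.
dhgex_coverage() {
    file=$1
    want=${2:-3}
    sizes=""
    bad=0
    ln=0
    while read -r stamp type tests tries size gen modulus; do
        ln=$((ln + 1))
        case $stamp in ''|'#'*) continue ;; esac
        case $gen in
            2|3|5) ;;
            *) echo "line $ln: generator '$gen' is not 2, 3 or 5 (unscreened?)"; bad=1; continue ;;
        esac
        if [ $((tests & 4)) -eq 0 ]; then
            echo "line $ln: no probabilistic primality test recorded (tests=$tests)"
            bad=1
            continue
        fi
        case " $sizes " in
            *" $size "*) ;;
            *) sizes="$sizes $size" ;;
        esac
    done < "$file"
    n=$(set -- $sizes; echo $#)
    echo "$file: $n distinct modulus size(s):$sizes"
    [ "$bad" -eq 0 ] && [ "$n" -ge "$want" ]
}

# Constructed sample inputs (placeholder hex, not real primes): one file that
# looks like screened output, one that looks like raw candidates.
SCREENED=$(mktemp)
CANDIDATES=$(mktemp)
trap 'rm -f "$SCREENED" "$CANDIDATES"' EXIT
cat > "$SCREENED" <<'EOF'
# constructed: screened entries, tests=6 (sieve|probabilistic), generator set
20240101000000 2 6 100 2047 2 PLACEHOLDER2047
20240101000000 2 6 100 3071 2 PLACEHOLDER3071
20240101000000 2 6 100 4095 5 PLACEHOLDER4095
20240101000000 2 6 100 8191 2 PLACEHOLDER8191
EOF
cat > "$CANDIDATES" <<'EOF'
# constructed: raw candidates, tests=2 (sieve only), generator 0
20240101000000 4 2 100 2047 0 PLACEHOLDERCAND1
20240101000000 4 2 100 2047 0 PLACEHOLDERCAND2
EOF

if dhgex_coverage "$SCREENED" 3; then echo "screened file: OK to install"; fi
if ! dhgex_coverage "$CANDIDATES" 3; then echo "candidate file: rejected"; fi
```

Run dhgex_coverage against the output of the screen step (or against the installed /etc/moduli) and only install the file when it passes; a file that fails the generator or tests check is a candidate file that was never screened, and one that fails the size count needs screened groups of more bit lengths appended.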

A number of options are available for moduli generation and screening via the -O flag:

lines=number
        Exit after screening the specified number of lines while performing DH candidate screening.

start-line=line-number
        Start screening at the specified line number while performing DH candidate screening.

checkpoint=filename
        Write the last line processed to the specified file while performing DH candidate screening. This will be used to skip lines in the input file that have already been processed if the job is restarted.

memory=mbytes
        Specify the amount of memory to use (in megabytes) when generating candidate moduli for DH-GEX.

start=hex-value
        Specify start point (in hex) when generating candidate moduli for DH-GEX.

generator=value
        Specify desired generator (in decimal) when testing candidate moduli for DH-GEX.