Thanks Jean,
      I got the primes file from one of the distributions of openssh.
But this raises certain questions in my mind. 
Everybody is using the *same* primes file which is used for Diffie-Hellman
key exchange. Won't it be better if these are generated instead from the 
security point of view? (Although I know these primes are not supposed 
to be a secret in the algorithm and are transferred in plaintext but still 
it's better for them to be generated instead of everybody using the same
set.)
Does ssh client also need a prime file? According to the algorithm both 
client and server need to have access to a common pair of primes. So is it
that server sends both the primes over to the client?
I may be wrong. Do please clarify.
Thanks,
    -Dm


-----Original Message-----
From: Jean Chouanard [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 12, 2000 8:35 AM
To: Dharmendra Mohan
Cc: [EMAIL PROTECTED]
Subject: Re: /etc/ssh/primes ? 



From what I see on OpenBSD, the primes file is not generated but part of the
/etc source distribution of OpenBSD (and not of ssh).

You can download it from:
http://www.openbsd.org/cgi-bin/cvsweb/src/etc/primes?rev=1.1

and manually install it as it is done in OpenBSD:
${INSTALL} -c -o root -g wheel -m 644 primes ${DESTDIR}/etc

        jean

On 11 December 2000 at 19:11, someone using the login of "Dharmendra Mohan 
<[EMAIL PROTECTED]> " wrote:
> Hello,
>     Can somebody tell the real reason? I am having the same problem.
> In my case it didn't get solved even after downloading the latest
> version. It didn't generate any primes file when I compiled it.
> I am running it on NetBSD 1.5.
> 
> Thanks,
>    Dm
> 
> 
> ----
> Dharmendra Mohan
> [EMAIL PROTECTED]
> 
> 
> -----Original Message-----
> From: Chris Vaughan [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, December 10, 2000 1:57 PM
> To: 'Daniel Woods'
> Cc: [EMAIL PROTECTED]
> Subject: RE: /etc/ssh/primes ?
> 
> 
> Hello,
> 
> Yes I asked this message recently. The fix that I was advised of was to get
> the latest snapshot source of openssh, compile it and move the resulting
> primes file into the /etc/ssh directory.
> 
> I have not encountered the error message since I carried this out.
> 
> Chris Vaughan
> Communications Administrator
> 
> Department of Information Technology & Management NSW
> 
> 
> -----Original Message-----
> From: Daniel Woods [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 8 December 2000 5:26 AM
> To: Noam Sturmwind
> Cc: [EMAIL PROTECTED]
> Subject: Re: /etc/ssh/primes ?
> 
> 
> > I believe someone else mentioned this recently, but either there wasn't a
> > reply or I managed to delete the reply email (I did accidentally delete a
> > few before reading -- sorry if this is a repeat question!)
> > 
> > Since I've upgraded to OpenSSH 2.3.0p1 (mandrake openssh-2.3.0-p1-7.3mdk
> > package) I've been receiving these warning messages through syslog every
> > time someone connects (before the authentication):
> > 
> > sshd[22064]: WARNING: no primes in /etc/ssh/primes, using old prime
> > 
> > I'm a bit concerned; depending on what primes are used for, would this
> > have an impact on security? I've looked through old ssh installs and
> > haven't found a primes file, so I'm wondering if this is a new feature?
> 
> I have not read any message about this topic before.
> I have also started to get these messages, yet nothing has changed in my
> OpenSSH setup.
> 
> Using ...
>     openssh-2.3.0p1-7.1mdk
>     openssh-askpass-2.3.0p1-7.1mdk
>     openssh-clients-2.3.0p1-7.1mdk
>     openssh-server-2.3.0p1-7.1mdk
> 
> I have the same on two Mandrake systems (7.1), yet the second one has
> not been showing the syslog messages.
> 
> Thanks... Dan.
> 
