Blame openssh-5.8p1-reseed2.patch
|
Jan F |
d32174 |
diff -up openssh-5.8p1/sshd_config.5.reseed2 openssh-5.8p1/sshd_config.5
--- openssh-5.8p1/sshd_config.5.reseed2 2011-03-27 19:51:00.881648385 +0200
+++ openssh-5.8p1/sshd_config.5 2011-03-27 20:01:31.608759007 +0200
@@ -618,7 +618,10 @@ The default is
.Dq diffie-hellman-group14-sha1 ,
.Dq diffie-hellman-group1-sha1 .
.It Cm KeyRegenerationInterval
-In protocol version 1, the ephemeral server key is automatically regenerated
+The time interval between the OpenSSL random generator reseedings. The generator is reseeded
+to prevent the possibility of estimation the next random values. The rancom generator
+is not reseeded in the case, that there are no connections.
+Additionally in protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
The purpose of regeneration is to prevent
decrypting captured sessions by later breaking into the machine and
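Review bot: The new text under .It Cm KeyRegenerationInterval never says in what unit the reseed interval is measured, because the unchanged line "after this many seconds (if it has been used)" now attaches only to the "Additionally in protocol version 1" sentence. State the unit in the first added sentence, for example "The time interval, in seconds, between reseedings of the OpenSSL random generator." The added lines also need a wording pass: "rancom generator" should be "random generator", "the possibility of estimation the next random values" reads better as "prediction of the next random values", and "in the case, that there are no connections" as "when there are no connections". Since the option now controls RNG reseeding as well as the protocol 1 server key, the unchanged sentence "The purpose of regeneration is to prevent decrypting captured sessions" should be tied explicitly to the server key so it is not read as the rationale for reseeding.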