[Twisted-Python] conch bytes/str traceback when /etc/ssh/moduli is not present
Glyph
glyph at twistedmatrix.com
Fri Mar 5 16:54:28 MST 2021
> On Mar 5, 2021, at 3:24 AM, Colin Watson <cjwatson at debian.org> wrote:
>
> On Thu, Mar 04, 2021 at 04:16:59PM -0800, Glyph wrote:
>> There are a bunch of tickets you could file here:
>>
>> Fixing the search path to comport with modern standards
>> Automatically generating a new one in a writable location if none exists
>> Better handle the case where it really truly doesn't exist and can't be generated (read-only filesystem or no readily discoverable, secure read/write locations)
>>
>> and in fact probably all of these are valid :)
>
> Probably not the second. Generating a new set of suitable DH moduli
> takes a while (IIRC hours) - it's not something you'd want to do as part
> of any kind of interactive process.
For what it's worth, `ssh-keygen -G` on my laptop took 2 and a half minutes, `ssh-keygen -T` took 5. It's slow, maybe even too slow for interactive use, but not quite "hours".
-g
More information about the Twisted-Python
mailing list