Openssh, moduli and ssh-keygen

Hi,

my question is related to the kex algorithm
diffie-hellman-group-exchange-sha256 and moduli generation. I've seen that
through ssh-keygen, I'm able to re-generate my moduli file used by DH but
I'm not sure I understand one point in the ssh-keygen manpage:
"Screened DH groups may be installed in /etc/ssh/moduli.  It is important
that this file contains moduli of a range of bit lengths and that both ends
of a connection share common moduli."

I don't understand why both ends of a connection should share a common
moduli file?

If I trace the key exchange through Wireshark, I can see that the modulus
is transmitted as public data to the client, which is the expected
behavior according to the protocol.
If I strace the ssh client command (OpenSSH_5.9p1), I do not see any access
to the /etc/ssh/moduli file.

It seems that the moduli sharing between server and client is automatically
done by the protocol.

So, did I miss something, or does the manpage have a typo or is it unclear? Maybe
the sentence is meant to say that the bit lengths generated must be supported
by both ends?

Thanks in advance for your explanation.
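
Added example, not part of the original post and not OpenSSH code: a Python sketch of the server-side step in diffie-hellman-group-exchange, where the client asks for a size range (min, n, max) and the server answers with a modulus and generator read from its own moduli file. The selection rule is a simplified model and the sample moduli are constructed placeholders (not primes); it shows why the file needs a range of bit lengths to satisfy different clients.

```python
import random

def sample_moduli(bit_lengths):
    """Build constructed moduli(5)-style lines; the 'moduli' are placeholders, not primes."""
    lines = ["# Time Type Tests Tries Size Generator Modulus"]
    for bits in bit_lengths:
        fake_p = (1 << (bits - 1)) | 1  # placeholder value with the wanted bit length
        lines.append(f"20240101000000 2 6 100 {bits - 1} 2 {fake_p:X}")
    return "\n".join(lines)

def parse_moduli(text):
    """Return a list of (bits, generator, modulus), one per entry."""
    groups = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed lines
        gen, mod = int(fields[5], 16), int(fields[6], 16)
        # Measure the size from the modulus itself rather than trusting the size field.
        groups.append((mod.bit_length(), gen, mod))
    return groups

def coverage(groups):
    """Number of moduli available per bit length."""
    counts = {}
    for bits, _, _ in groups:
        counts[bits] = counts.get(bits, 0) + 1
    return dict(sorted(counts.items()))

def choose_group(groups, min_bits, n_bits, max_bits, rng=random):
    """Simplified server-side choice for a client request of (min, n, max) bits."""
    usable = [g for g in groups if min_bits <= g[0] <= max_bits]
    if not usable:
        return None  # nothing in the file fits this client's range
    at_least = [g[0] for g in usable if g[0] >= n_bits]
    # Prefer the smallest size meeting the preferred size n, else the largest below it.
    best = min(at_least) if at_least else max(g[0] for g in usable)
    return rng.choice([g for g in usable if g[0] == best])

if __name__ == "__main__":
    groups = parse_moduli(sample_moduli([2048, 2048, 3072, 4096]))
    print("coverage:", coverage(groups))
    for request in [(2048, 3072, 8192), (1024, 1536, 8192), (6144, 7680, 8192)]:
        chosen = choose_group(groups, *request)
        print(request, "->", f"{chosen[0]}-bit group" if chosen else "no match")
```
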

