SSH Frequently Asked Questions
My OpenSSH server keeps logging this message:
WARNING: /etc/primes does not exist, using old prime
This sounds bad; what does it mean?
The short answer is that this message is undocumented and confusing, and there's nothing to worry about.
The long answer:
OpenSSH 2.3.0 and later implements two key-exchange methods: the existing diffie-hellman-group1-sha1 documented in the SSH transport draft, and a proposed more general method called diffie-hellman-group-exchange-sha1.
The Diffie-Hellman key exchange requires the participants to agree on some initial parameters: a large prime p, and another number g which generates a large multiplicative subgroup of GF(p). These parameters need not be secret, and the diffie-hellman-group1-sha1 method uses a particular, fixed choice of (p,g).
The new method allows the speakers to negotiate a new (p,g) for each key exchange. This deals with concerns that using the same (p,g) over time is dangerous, since it invites precomputation and other specialized attacks on those particular parameters.
The file ETCDIR/primes
is where sshd keeps its stash
of possible Diffie-Hellman parameters (the draft suggests the server might
compute random new values in the background; the current OpenSSH
implementation just uses a fixed store of them). When you use the OpenSSH
client and server together, they use the new method but if the
primes
file doesn't exist, the server has no other DH
parameters to offer, and it uses the known diffie-hellman-group1-sha1
parameters. The warning message about "using old prime" is a bit
misleading, since it sounds as if something is being reused which ought
not to be. Really, it means "using the parameters from the old
key-exchange method."
You won't see this message when all clients connect to the OpenSSH server, but rather only with ones that use the new key-exchange method. The only ones we know of at the moment that do this are OpenSSH and MindTerm.
This is not an issue on OpenBSD, since the base OpenBSD 2.8 release
includes an /etc/primes
file. The pre-2.5.1 "portable"
OpenSSH releases for other platforms did not include the primes file, so
this warning message would occur regularly when using OpenSSH on anything
besides OpenBSD. OpenSSH-2.5.1p1 does include a primes file, so this is
no longer an issue. Here is a copy of that primes
file.