prohibit use of weak dh moduli

[bkw]

Another suggestion based on https://stribika.github.io/2015/01/04/secure-secure-shell.html by @stribika.
Quoting the blog post:

open /etc/ssh/moduli if exists, and delete lines where the 5th column is less than 2000.

I think this would make a nice addition to this cookbook.

Comments?

[bkw]

Note to self:

awk '$5 >= 2000' /etc/ssh/moduli

[stribika]

That sounds good. There is some difference between existing /etc/ssh/moduli and generating it from scratch.

I generate 4096 bit primes only, but the file I had by default had everything between 1024 and 8129 so it will end up containing 2048-8192 bit primes.

[arlimus]

Thank you @bkw for pointing this out, much appreciated!
Also thank you @stribika for your insights!
This one is still in the pipeline but should make it into the next release.

[artem-sidorenko]

me and @atomic111 agreed to push everything besides #132 to the 2.0.0, so I'm changing the milestone