Date: Thu, 03 Oct 2002 09:07:08 +0100 From: Mark Murray <mark@grondar.za> To: "Firsto Lasto" <firstolasto@hotmail.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: PRNG not seeded - error in non-root ssh inside 4.6.2 jails... Message-ID: <200210030807.g93878xe001071@grimreaper.grondar.org> In-Reply-To: <F104bqJGNzscE8NpqhN00004f00@hotmail.com> ; from "Firsto Lasto" <firstolasto@hotmail.com> "Wed, 02 Oct 2002 10:16:01 PDT." References: <F104bqJGNzscE8NpqhN00004f00@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I have found that if you create a jail in FreeBSD 4.6.2, and then log into > that jail ... if you are root you can scp and ssh just fine. However if you > are not root and you attempt to ssh or scp, you get this error: > > PRNG is not seeded Hmmm. > A few details - first, I created my jail by simply using the dump command to > dump my / filesystem, and then restoring that inside the jail. Not elegant, > but it works - so the jail in question has a full /dev and everything. > > Second, I used the exact same method in 4.6.1 and did not have problems. > > I saw a usenet post that recommended solving the problem with this: > > "chmod a+r /dev/*rand*" You seem to be on the right track in assuming it is a /dev/[u]random problem. Can you confirm this by (as a pleb user) dumping some random output? $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C (and same for /dev/urandom). Please also give a ls -l /dev/*random. > however I tried that, and now when I try to ssh or scp from a non root user > inside the jail, I get: > > "Host key verification failed" > > Does anyone know why this happens, why it didn't happen prior to 4.6.2, and > how I can fix it ? The random device has not changed, but the OpenSSL code has. Maybe OpenSSL's internal PRNG is doing something naughty. M -- o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210030807.g93878xe001071>