From: "Firsto Lasto"
To: mark@grondar.za
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: PRNG not seeded - error in non-root ssh inside 4.6.2 jails...
Date: Thu, 03 Oct 2002 12:15:52 -0700

Ok, here you are - as a normal user (non root) inside the jail, I have run:

$ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
dd: /dev/stdout: Permission denied

$ ls -asl /dev/stdout
0 crw------- 1 root wheel 22, 1 Sep 3 21:46 /dev/stdout

All of this was _after_ I ran the `chmod a+r /dev/*rand*` command.

So then, as root I ran:

`chmod 0666 /dev/stdout`

and then I ran your `dd` command and got:

$ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
0+0 records in
0+0 records out
0 bytes transferred in 0.000036 secs (0 bytes/sec)

I hope this is useful, and thank you for your help.

> > I have found that if you create a jail in FreeBSD 4.6.2, and then log into
> > that jail ... if you are root you can scp and ssh just fine. However if you
> > are not root and you attempt to ssh or scp, you get this error:
> >
> > PRNG is not seeded
>
>Hmmm.
>
> > A few details - first, I created my jail by simply using the dump command to
> > dump my / filesystem, and then restoring that inside the jail. Not elegant,
> > but it works - so the jail in question has a full /dev and everything.
> >
> > Second, I used the exact same method in 4.6.1 and did not have problems.
> >
> > I saw a usenet post that recommended solving the problem with this:
> >
> > "chmod a+r /dev/*rand*"
>
>You seem to be on the right track in assuming it is a /dev/[u]random problem.
>
>Can you confirm this by (as a pleb user) dumping some random output?
>
>$ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
>
>(and same for /dev/urandom).
>
>Please also give a ls -l /dev/*random.
>
> > however I tried that, and now when I try to ssh or scp from a non root user
> > inside the jail, I get:
> >
> > "Host key verification failed"
> >
> > Does anyone know why this happens, why it didn't happen prior to 4.6.2, and
> > how I can fix it ?
>
>The random device has not changed, but the OpenSSL code has. Maybe OpenSSL's
>internal PRNG is doing something naughty.
>
>M
>--
>o Mark Murray
>\_
>O.\_ Warning: this .sig is umop ap!sdn