Date:      Thu, 03 Oct 2002 20:50:20 +0100
From:      Mark Murray <mark@grondar.za>
To:        "Firsto Lasto" <firstolasto@hotmail.com>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: PRNG not seeded - error in non-root ssh inside 4.6.2 jails... 
Message-ID:  <200210031950.g93JoK20001332@grimreaper.grondar.org>
In-Reply-To: <F88c55PUrob2JaBPZYo0000662f@hotmail.com> ; from "Firsto Lasto" <firstolasto@hotmail.com>  "Thu, 03 Oct 2002 12:15:52 PDT."
References:  <F88c55PUrob2JaBPZYo0000662f@hotmail.com> 

Hi

You only sent me a third of what I asked for :-) 

M

> 
> Ok, here you are - as a normal user (non root) inside the jail, I have run:
> 
> $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> dd: /dev/stdout: Permission denied
> 
> $ ls -asl /dev/stdout
> 0 crw-------  1 root  wheel   22,   1 Sep  3 21:46 /dev/stdout
> 
> All of this was _after_ I ran the `chmod a+r /dev/*rand*` command.
> 
> So then, as root I ran: `chmod 0666 /dev/stdout` and then I ran your `dd` 
> command and got:
> 
> $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> 0+0 records in
> 0+0 records out
> 0 bytes transferred in 0.000036 secs (0 bytes/sec)
> 
> I hope this is useful, and thank you for your help.
> 
> 
> 
> 
> >
> > > I have found that if you create a jail in FreeBSD 4.6.2, and then log into
> > > that jail ... if you are root you can scp and ssh just fine.  However if you
> > > are not root and you attempt to ssh or scp, you get this error:
> > >
> > > PRNG is not seeded
> >
> >Hmmm.
> >
> > > A few details - first, I created my jail by simply using the dump command to
> > > dump my / filesystem, and then restoring that inside the jail.  Not elegant,
> > > but it works - so the jail in question has a full /dev and everything.
> > >
> > > Second, I used the exact same method in 4.6.1 and did not have problems.
> > >
> > > I saw a usenet post that recommended solving the problem with this:
> > >
> > > "chmod a+r /dev/*rand*"
> >
> >You seem to be on the right track in assuming it is a /dev/[u]random
> >problem.
> >
> >Can you confirm this by (as a pleb user) dumping some random output?
> >
> >$ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> >
> >(and same for /dev/urandom).
> >
> >Please also give a ls -l /dev/*random.
> >
> > > however I tried that, and now when I try to ssh or scp from a non root user
> > > inside the jail, I get:
> > >
> > > "Host key verification failed"
> > >
> > > Does anyone know why this happens, why it didn't happen prior to 4.6.2, and
> > > how I can fix it ?
> >
> >The random device has not changed, but the OpenSSL code has. Maybe OpenSSL's
> >internal PRNG is doing something naughty.
> >
> >M
> >--
> >o       Mark Murray
> >\_
> >O.\_    Warning: this .sig is umop ap!sdn
> 
-- 
o       Mark Murray
\_
O.\_    Warning: this .sig is umop ap!sdn
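
The diagnostics requested in this thread, as an added example that is not part of the original messages: a POSIX shell helper (the name `check_rand_dev` and the script name are hypothetical) that lists a device node, tests whether the current user can read it, and counts the bytes `dd` actually delivers. It omits `of=/dev/stdout`, so the mode of `/dev/stdout` seen in the quoted output cannot get in the way of the test.

```shell
#!/bin/sh
# Added example: check whether the current (non-root) user can read a
# random device, without writing through /dev/stdout.
# check_rand_dev is a hypothetical helper name.
# Returns: 0 = got all requested bytes, 1 = missing or unreadable,
#          2 = readable but short read (the "0+0 records in" case).
check_rand_dev() {
    dev=$1
    want=${2:-512}

    if [ ! -e "$dev" ]; then
        echo "$dev: does not exist" >&2
        return 1
    fi
    ls -l "$dev" >&2                      # owner, group and mode of the node
    [ -c "$dev" ] || echo "$dev: not a character device" >&2

    if [ ! -r "$dev" ]; then
        echo "$dev: not readable by $(id -un)" >&2
        return 1
    fi

    # No of= operand: dd writes to its inherited stdout, so the mode of
    # /dev/stdout does not matter. wc counts the bytes actually delivered.
    got=$(dd if="$dev" bs="$want" count=1 2>/dev/null | wc -c | tr -d ' ')
    echo "$dev: read $got of $want bytes" >&2
    [ "$got" -eq "$want" ] || return 2
    return 0
}

# Usage (as the unprivileged user inside the jail):
#   sh check_rand.sh /dev/random /dev/urandom
if [ "$#" -gt 0 ]; then
    rc=0
    for d in "$@"; do
        check_rand_dev "$d" 512 || rc=$?
    done
    exit "$rc"
fi
```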
