Date: Tue, 8 Aug 2006 08:06:12 -0700 (PDT)
From: "R. B. Riddick" <arne_woerner@yahoo.com>
To: Michael Scheidell <scheidell@secnap.net>
Cc: freebsd-security@freebsd.org
Subject: Re: seeding dev/random in 5.5
Message-ID: <20060808150612.37008.qmail@web30315.mail.mud.yahoo.com>
In-Reply-To: <44D89D89.2080502@secnap.net>
--- Michael Scheidell <scheidell@secnap.net> wrote:
> This would affect the generic stock 5.5 install disk as well (it doesn't
> create new keys when it builds a virgin hard disk)
> If a user just hits return, there is no error message, no indication
> that /dev/random wasn't seeded.
>
> We have a bootable CD rom, has a generic boot/network/vpn/ and dumpfiles
> for virgin install.
> cd rom uses restore to make new HD.
> I'd rather like to have different keys on different boxes. ssh client
> complains when it sees the same keys for several different ip addresses.
>
Oh. I see... So u just copy a CD to ur HD without any further install scripts...

I do it differently on my remote boxes:
1. I log in to the systems via sshd of the old system
2. Then I turn off one half of the mirror of the root file system
3. Then I un-tar the new base system to that currently unused disk.
4. Then I use bsdlabel and fdisk to make the box boot from the new disk...
5. Then I would create the ssh-host-keys...
6. Then I set up certain files/services like pf, ipfw, user-accounts, passwords, interfaces, ...
7. Then I would reboot to the freshly installed system (which does not work on some boxes sometimes, because the BIOS is quite old and does not understand the boot0cfg settings (-s5 and such)... *sigh*)...
...

Your procedure seems to need operator interaction at the box itself anyway... So I do not see ur problem... Is it that just pressing [ENTER] (in spite of the warning) is not enough in ur case (in contradiction to the instructions)? That would be merely a documentation problem but not a security problem...

-Arne
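The symptom Michael describes (the ssh client seeing the same host key behind several addresses) can be checked from the client side by looking for keys that more than one host entry in known_hosts presents. The script below is an added example, not code from this thread or from FreeBSD; the known_hosts content and the key material in it are constructed sample data, and host names are hypothetical.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed known_hosts sample (the base64 key bodies are made up, not real
# keys): box1 and box2 were cloned from one image and share a host key.
SAMPLE_KNOWN_HOSTS = """\
box1.example.net,10.0.0.11 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0Y2xvbmVk
box2.example.net,10.0.0.12 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0Y2xvbmVk
box3.example.net,10.0.0.13 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDkdW5pcXVl
# comment lines and blank lines are ignored

@cert-authority *.example.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDjYXV0aA==
"""


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint of a base64 public key, in OpenSSH's notation."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(known_hosts_text: str) -> dict:
    """Return {fingerprint: sorted host fields} for every key that appears on
    more than one known_hosts entry.  Each line's first field (possibly a
    comma-separated alias list, or a hashed |1|... entry) counts as one host;
    a host recorded on two separate lines will therefore be reported too."""
    hosts_by_key = defaultdict(set)
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):  # markers such as @cert-authority
            fields = fields[1:]
        if len(fields) < 3:
            continue  # malformed entry, skip it
        host_field, key_b64 = fields[0], fields[2]
        hosts_by_key[fingerprint(key_b64)].add(host_field)
    return {fp: sorted(h) for fp, h in hosts_by_key.items() if len(h) > 1}


if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_KNOWN_HOSTS).items():
        print(fp, "is presented by:", ", ".join(hosts))
```

Run it against a real ~/.ssh/known_hosts to list the cloned boxes that still need fresh host keys.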