From owner-freebsd-security  Mon Aug  6  4:35:17 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3])
	by hub.freebsd.org (Postfix) with SMTP id 704E437B405
	for <security@FreeBSD.ORG>; Mon,  6 Aug 2001 04:35:12 -0700 (PDT)
	(envelope-from paulo@nlink.com.br)
Received: (qmail 89007 invoked by uid 501); 6 Aug 2001 11:35:09 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 6 Aug 2001 11:35:09 -0000
Date: Mon, 6 Aug 2001 08:35:09 -0300 (BRT)
From: Paulo Fragoso <paulo@nlink.com.br>
To: Igor Podlesny <poige@morning.ru>
Cc: Kris Kennaway <kris@obsecurity.org>, <security@FreeBSD.ORG>
Subject: Re[2]: SSHD in JAIL
In-Reply-To: <15963958557.20010804103012@morning.ru>
Message-ID: <20010806082311.E84271-100000@mirage.nlink.com.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sat, 4 Aug 2001, Igor Podlesny wrote:

>
> > On Tue, Jul 31, 2001 at 06:35:28PM -0300, Paulo Fragoso wrote:
> >> On Tue, 31 Jul 2001, Kris Kennaway wrote:
> >>
> >> > On Tue, Jul 31, 2001 at 05:53:21PM -0300, Paulo Fragoso wrote:
> >> > > Hi,
> >> > >
> >> > > We are making a jail using FBSD 4.3-RELEASE but in the jail sshd can't
> >> > > starting:
> >> > >
> >> > > ssh-keygen: no RSA support in libssl and libcrypto.  See ssl(8).
> >> > >
> >> > > How we can buildworld with RSA support in libssl or libcrypto?
> >> >
> >> > The error message really means "I can't find /dev/urandom" :-)
> >>
> >> How we can start sshd in the jail using jail directory mounted with nodev?
>
> Let me ask what is the purpose of nodev in your situation?

I was thinking if jail dir mounted on file system with "nodev" it will
more secure. Anyone colud acess any disks in the jails enviroment. Is it
all right?

>
> I  suggest  using  devfs  (5)  mounted inside your jail dir (not sure,
> though, how about urandom there, but think it should be okay)... seems
> it will solve the problem. At least there is a hope there ;)
>
> > You can't: it needs /dev/urandom.
> > Kris
>

Thanks,
Paulo Fragoso.

> --
>  Igor                            mailto:poige@morning.ru
> http://www.morning.ru/~poige
>
>

-- 
   __O
 _-\<,_     Why drive when you can bike?
(_)/ (_)



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message