Date: Thu, 03 Oct 2002 12:15:52 -0700 From: "Firsto Lasto" <firstolasto@hotmail.com> To: mark@grondar.za Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: PRNG not seeded - error in non-root ssh inside 4.6.2 jails... Message-ID: <F88c55PUrob2JaBPZYo0000662f@hotmail.com>
next in thread | raw e-mail | index | archive | help
Ok, here you are - as a normal user (non root) inside the jail, I have run: $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C dd: /dev/stdout: Permission denied $ ls -asl /dev/stdout 0 crw------- 1 root wheel 22, 1 Sep 3 21:46 /dev/stdout All of this was _after_ I ran the `chmod a+r /dev/*rand*` command. So then, as root I ran: `chmod 0666 /dev/stdout` and then I ran your `dd` command and got: $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C 0+0 records in 0+0 records out 0 bytes transferred in 0.000036 secs (0 bytes/sec) I hope this is useful, and thank you for your help. > > > I have found that if you create a jail in FreeBSD 4.6.2, and then log >into > > that jail ... if you are root you can scp and ssh just fine. However if >you > > are not root and you attempt to ssh or scp, you get this error: > > > > PRNG is not seeded > >Hmmm. > > > A few details - first, I created my jail by simply using the dump >command to > > dump my / filesystem, and then restoring that inside the jail. Not >elegant, > > but it works - so the jail in question has a full /dev and everything. > > > > Second, I used the exact same method in 4.6.1 and did not have problems. > > > > I saw a usenet post that recommended solving the problem with this: > > > > "chmod a+r /dev/*rand*" > >You seem to be on the right track in assuming it is a /dev/[u]random >problem. > >Can you confirm this by (as a pleb user) dumping some random output? > >$ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C > >(and same for /dev/urandom). > >Please also give a ls -l /dev/*random. > > > however I tried that, and now when I try to ssh or scp from a non root >user > > inside the jail, I get: > > > > "Host key verification failed" > > > > Does anyone know why this happens, why it didn't happen prior to 4.6.2, >and > > how I can fix it ? > >The random device has not changed, but the OpenSSL code has. Maybe >OpenSSL's >internal PRNG is doing something naughty. > >M >-- >o Mark Murray >\_ >O.\_ Warning: this .sig is umop ap!sdn _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F88c55PUrob2JaBPZYo0000662f>