Re: seeding dev/random in 5.5



--- Michael Scheidell <scheidell@xxxxxxxxxx> wrote:
This would affect the generic stock 5.5 install disk as well (it doesn't
create new keys when it builds a virgin hard disk)
If a user just hits return, there is no error message, no indication
that /dev/random wasn't seeded.

We have a bootable CD-ROM; it has a generic boot/network/vpn/ and dumpfiles
for a virgin install.
The CD-ROM uses restore to make the new HD.
I'd rather like to have different keys on different boxes. The ssh client
complains when it sees the same keys for several different IP addresses.

Oh. I see... So u just copy a CD to ur HD without any further install
scripts...

I do it differently on my remote boxes:
1. I log in to the system via sshd of the old system
2. Then I turn off one half of the mirror of the root file system
3. Then I un-tar the new base system to that currently unused disk.
4. Then I use bsdlabel and fdisk to make the box boot from the new disk...
5. Then I would create the ssh-host-keys...
6. Then I setup certain files/services like pf, ipfw, user-accounts, passwords,
interfaces, ...
7. Then I would reboot to the freshly installed system (which does not work on
some boxes sometimes, because the BIOS is quite old and does not understand the
boot0cfg settings (-s5 and such)... *sigh*)...
...

Your procedure seems to need operator interaction at the box itself anyway...

So I do not see ur problem... Is it that just pressing [ENTER] (in spite of the
warning) is not enough in ur case (in contradiction to the instructions)? That
would be merely a documentation problem but not a security problem...

-Arne
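The complaint in the quoted message (cloned disks shipping identical ssh host keys, so the client sees one key behind several addresses) can be checked from the client side without touching the boxes. The following is an added example, not code from either poster or from FreeBSD: it parses a known_hosts file and reports every host key that appears in more than one entry. The file content is a constructed sample with placeholder key material; the host names and addresses are assumptions for illustration. A box listed on two separate lines under its name and its IP will also show up, so the output is a triage list, not a verdict.

```python
"""Find SSH host keys shared by several known_hosts entries.

Added example (not from the mailing-list thread). Identical host keys on
different machines are the symptom of a disk image cloned with
/etc/ssh/ssh_host_*_key already present.
"""
from collections import defaultdict

# Constructed sample known_hosts content; key blobs are placeholders,
# not real key material.
SAMPLE_KNOWN_HOSTS = """\
# comment line
fw1.example.net,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAAexampleKEY1
fw2.example.net,192.0.2.11 ssh-rsa AAAAB3NzaC1yc2EAAAAexampleKEY1
[fw3.example.net]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5exampleKEY2
bastion.example.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5exampleKEY3 bastion key
@cert-authority *.example.net ssh-rsa AAAAB3NzaC1yc2EAAAAexampleCA

"""


def parse_known_hosts(text):
    """Yield (hosts, keytype, keydata) for each host-key line.

    Lines starting with a marker (@cert-authority, @revoked) are skipped:
    a CA key is legitimately shared by many hosts and is not a cloned
    host key. Hashed entries (|1|salt|hash) pass through as opaque names.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: ignore rather than abort the scan
        hosts = parts[0].split(",")
        yield hosts, parts[1], parts[2]


def find_shared_host_keys(text):
    """Return {(keytype, keydata): {"entries": n, "hosts": [...]}}.

    Only keys that occur in two or more separate known_hosts entries
    are reported; one entry listing several names for the same box
    (name,IP) is a single entry and is not flagged on its own.
    """
    entries = defaultdict(int)
    hosts_by_key = defaultdict(set)
    for hosts, keytype, keydata in parse_known_hosts(text):
        entries[(keytype, keydata)] += 1
        hosts_by_key[(keytype, keydata)].update(hosts)
    return {
        key: {"entries": n, "hosts": sorted(hosts_by_key[key])}
        for key, n in entries.items()
        if n > 1
    }


def report(text):
    """Human-readable lines for each shared key (empty list if none)."""
    lines = []
    for (keytype, keydata), info in find_shared_host_keys(text).items():
        lines.append(
            f"{keytype} key ...{keydata[-12:]} seen in {info['entries']} entries: "
            + ", ".join(info["hosts"])
        )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_KNOWN_HOSTS) or ["no shared host keys found"]:
        print(line)
```

Run it against a real ~/.ssh/known_hosts by reading the file into `report()`; every key it lists is a candidate for regenerating the host keys on the affected boxes (and, if the image was built without a seeded /dev/random, for checking how those keys were generated in the first place).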


_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"