Re: SSH / SSH-KEYGEN / PRNGD SEED

From: mgregis@sorint.it
Date: 03/16/03

    Date: Sun, 16 Mar 2003 10:54:49 +0100
    From: mgregis@sorint.it
    To: secureshell@securityfocus.com
    
    

    Hi Noel,

    this is Max from Milan, Italy.....

    I've seen your ssh installation steps....
    With the Solaris 8 precompiled package, which I think you've taken from the
    sunfreeware website,
    you have to install the 112438-01 patch (/dev/random patch) BEFORE
    creating the keys.
    The OpenSSH 3.5p1 Solaris 8 precompiled package is built to
    use the /dev/random device and NOT to
    use the PRNGD daemon.
    The PRNGD daemon is NOT necessary.

    After you have installed the patch you have two choices for
    creating the /dev/random & urandom devices:

    1) Reboot the system

    2) Run this script (reboot is not necessary)
    #!/usr/bin/ksh
    # Set up Solaris random device from patch 112438-01 without reboot
    # Moderate error checking only since this should be straightforward.
    #
    # (c) 2002 Andrew J. Caines. Permission to modify and distribute is
    # granted on condition the copyright message is included and modifications
    # are clearly identified.
    #
    # Incorporating suggestions and changes from these SunManager list members:
    # Thomas Anders <anders@hmi.de>, Dan Astoorian <djast@cs.toronto.edu>,
    # Prümm Gerd <gerd.pruemm@alcatel.ch>, Adam Mazza <adam@68e.com>.
    # Script rewrite for functional changes and reliability improvement based
    # on contribution from Jeff Bledsoe.

    PATH=/usr/bin:/usr/sbin

    Patch=${Patch:-112438} # Just in case it ever changes

    # Set up tempfile
    TmpFile=/tmp/.$$.$RANDOM ; rm -f $TmpFile ; touch $TmpFile; chmod 600 $TmpFile

    function bailout
    { echo "$*. Exiting" >&2 ; exit 1
    }

    # Check patch is installed
    echo "Checking for patch $Patch...\c"
    if showrev -p | egrep -s "^Patch: ${Patch}-"
    then echo " installed."
    else bailout " not installed. Install it and try again."
    fi

    # Activate random kernel module with workaround for module dependency problem
    echo "Removing random device from name_to_major"
    name_to_major=$(</etc/name_to_major)
    echo "$name_to_major" | sed '/random/d' > /etc/name_to_major

    # Add driver to create device nodes and load module
    echo "Adding driver to system"
    add_drv -m '* 0644 root sys' random || bailout "Driver random failed to add"

    # Report results
    echo "Finished. You now have the following random devices:"
    ls -l /dev/*random /devices/pseudo/random@0:*random

    # Test
    echo "Do you want to test the new device? (y/n) \c"
    read yn
    case $yn in
        [Yy]*) echo "Running: dd if=/dev/random of=$TmpFile bs=512 count=1"
               dd if=/dev/random of=$TmpFile bs=512 count=1
               echo "Running: strings $TmpFile"
               echo "You should see a few lines of random garbage:"
               ;;
        [Nn]*) echo "Your blind faith will be rewarded in the next life."
               echo "Your reward confirmation code is:"
               ;;
    esac

    strings $TmpFile
    rm -f $TmpFile

    exit 0

    After you have run this script you can install the rest of the SSH packages
    and create the keys.

    Let me give you some advice:
    DON'T start the SSHD daemon with inetd, but with a specific script or
    from /etc/inittab

    Max

    ------------------------------------------------------------------------
     
    Massimiliano Gregis
    Sun Microsystems Senior Consultant
    Phone.: 035.697534
    Mobile.: 347.1167790
    Fax.....: 035.697590
    E.mail: - mgregis@sorint.it
                - massimiliano@sorint.it
                - massimiliano.gregis@sorint.it
     
    Sorint http://www.sorint.it

    ------------------------------------------------------------------------
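
A non-interactive version of the device test that the script above ends with, for running just before key generation. This is an added example, not part of the original message or of Andrew J. Caines's script; the function names and the 32-byte sample size are assumptions, and it needs a POSIX shell (ksh works) and an `od` that accepts -A, -v and -t.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of the kernel
# random devices before generating SSH host keys.
# Function names and the 32-byte sample size are assumptions of this example.

SAMPLE_BYTES=32

# read_sample DEV -> prints up to SAMPLE_BYTES bytes from DEV as a hex string.
# od -v stops od from collapsing repeated lines into "*".
read_sample() {
    dd if="$1" bs="$SAMPLE_BYTES" count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# check_random_dev DEV -> 0 if DEV is a readable character device that returns
# a full sample which changes between reads; non-zero otherwise:
#   1 not a character device, 2 not readable, 3 short read, 4 repeated output
check_random_dev() {
    dev=$1
    [ -c "$dev" ] || { echo "$dev: not a character device" >&2; return 1; }
    [ -r "$dev" ] || { echo "$dev: not readable" >&2; return 2; }
    a=$(read_sample "$dev")
    b=$(read_sample "$dev")
    # Each byte is two hex digits; fewer means the driver returned a short read.
    [ "${#a}" -eq $((SAMPLE_BYTES * 2)) ] || { echo "$dev: short read" >&2; return 3; }
    # Two consecutive samples must differ (catches a stub or constant source).
    [ "$a" != "$b" ] || { echo "$dev: repeated output" >&2; return 4; }
    return 0
}

# preflight -> 0 only if both devices created by the patch pass the check.
preflight() {
    rc=0
    for d in /dev/random /dev/urandom; do
        if check_random_dev "$d"; then echo "$d: ok"; else rc=1; fi
    done
    return $rc
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    preflight && echo "Random devices present; proceed to key generation."
fi
```

Invoke it with `--run` after the patch script (or the reboot) and before creating the keys; a non-zero exit means at least one device is missing or not behaving like a random source.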

