oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenSSH key blacklisting

From: Jonathan Smith <smithj () freethemallocs com>
Date: Wed, 04 Jun 2008 11:00:48 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The Fungi wrote:
| Not to be argumentative, but have you installed OpenBSD lately
| (effectively the reference platform for OpenSSH development)? For
| years, its base install has run sshd by default, generated host keys
| at first boot, and not prompted at the console for human interaction
| to augment entropy for this process. I find it hard to blame this
| *particular* behavior on Debian (unless you're suggesting that they
| strong-armed OpenSSH upstream to integrate these changes on their
| behalf?).

rPath also auto-generates keys using the initscript found in the openssh
source. In the unpacked tarball, it is called contrib/redhat/sshd.init.
So, presumably, Red Hat does the same. Key generation pulls random bits
from /dev/random, though, and thus blocks until enough randomness is
available. That actually caused me some problems once when the machine
hung on first-boot until it got enough disk interrupts or whatever.

        smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREIAAYFAkhG5mAACgkQCG91qXPaRenT1wCeOQF0FIJ4mGzu6t7kgyktngML
AEAAn2rvxOY/txkB44bXgvMk2l1eUElA
=ldUl
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: