From: Mark Murray
To: "Firsto Lasto"
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: PRNG not seeded - error in non-root ssh inside 4.6.2 jails...
Date: Thu, 03 Oct 2002 09:07:08 +0100
Message-Id: <200210030807.g93878xe001071@grimreaper.grondar.org>

> I have found that if you create a jail in FreeBSD 4.6.2, and then log into
> that jail ... if you are root you can scp and ssh just fine. However if you
> are not root and you attempt to ssh or scp, you get this error:
>
> PRNG is not seeded

Hmmm.

> A few details - first, I created my jail by simply using the dump command to
> dump my / filesystem, and then restoring that inside the jail. Not elegant,
> but it works - so the jail in question has a full /dev and everything.
>
> Second, I used the exact same method in 4.6.1 and did not have problems.
>
> I saw a usenet post that recommended solving the problem with this:
>
> "chmod a+r /dev/*rand*"

You seem to be on the right track in assuming it is a /dev/[u]random
problem. Can you confirm this by (as a pleb user) dumping some random
output?

    $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C

(and same for /dev/urandom).

Please also give a ls -l /dev/*random.

> however I tried that, and now when I try to ssh or scp from a non root user
> inside the jail, I get:
>
> "Host key verification failed"
>
> Does anyone know why this happens, why it didn't happen prior to 4.6.2, and
> how I can fix it?

The random device has not changed, but the OpenSSL code has. Maybe
OpenSSL's internal PRNG is doing something naughty.

M
--
o       Mark Murray
\_
O.\_    Warning: this .sig is umop ap!sdn
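
The check requested in the reply above, as an added example that is not part of the original message: a POSIX shell function that, run as the unprivileged user inside the jail, tells apart a missing node, a node that is not a character device, a permission problem, and a short read. The function names, the status strings and the 16-byte default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify why a non-root process
# may fail to obtain bytes from a random device node.
# Usage: sh check_random.sh /dev/random /dev/urandom

check_random_dev() {
    dev=$1
    want=${2:-16}                 # bytes to request (assumed default)

    if [ ! -e "$dev" ]; then
        echo "missing"; return 1
    fi
    if [ ! -c "$dev" ]; then
        # The path exists but is not a character device node,
        # so reads never reach the kernel's random driver.
        echo "not-char-device"; return 1
    fi
    if [ ! -r "$dev" ]; then
        # Mode or ownership denies the current user read access.
        echo "unreadable"; return 1
    fi
    # Read one block and count what actually came back.
    got=$(dd if="$dev" bs="$want" count=1 2>/dev/null | wc -c | tr -d ' ')
    if [ "$got" -ne "$want" ]; then
        echo "short-read"; return 1
    fi
    echo "ok"
}

# Print status plus the ls -l line for each device given.
report() {
    for d in "$@"; do
        printf '%s: %s\n' "$d" "$(check_random_dev "$d")"
        ls -l "$d" 2>/dev/null
    done
}

# Only runs when device paths are passed on the command line.
[ $# -eq 0 ] || report "$@"
```
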