Date: Thu, 03 Oct 2002 13:35:09 -0700
From: "Firsto Lasto" <firstolasto@hotmail.com>
To: mark@grondar.za
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: PRNG not seeded - error in non-root ssh inside 4.6.2 jails...
Message-ID: <F74mrGjfJNVzTPZENux000067ea@hotmail.com>

Sorry, here is the rest:

Here is the output of the `dd` command using urandom:

dd if=/dev/urandom of=/dev/stdout bs=512 count=1 | hexdump -C
1+0 records in
1+0 records out
512 bytes transferred in 0.000472 secs (1084588 bytes/sec)

Again, this is after I chmodded /dev/stdout to 0666 instead of the 0600
that it was.

And here is the ls output:

$ ls -l /dev/*rand*
crw-r--r-- 1 root wheel 2, 3 Sep 3 21:46 /dev/random
crw-r--r-- 1 root wheel 2, 4 Sep 3 21:46 /dev/urandom

Thank you for your help.

> Hi
>
> You only sent me a third of what I asked for :-)
>
> M
>
> > Ok, here you are - as a normal user (non root) inside the jail, I have
> > run:
> >
> > $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> > dd: /dev/stdout: Permission denied
> >
> > $ ls -asl /dev/stdout
> > 0 crw------- 1 root wheel 22, 1 Sep 3 21:46 /dev/stdout
> >
> > All of this was _after_ I ran the `chmod a+r /dev/*rand*` command.
> >
> > So then, as root I ran: `chmod 0666 /dev/stdout` and then I ran your
> > `dd` command and got:
> >
> > $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> > 0+0 records in
> > 0+0 records out
> > 0 bytes transferred in 0.000036 secs (0 bytes/sec)
> >
> > I hope this is useful, and thank you for your help.
> >
> > > > I have found that if you create a jail in FreeBSD 4.6.2, and then
> > > > log into that jail ... if you are root you can scp and ssh just
> > > > fine. However if you are not root and you attempt to ssh or scp,
> > > > you get this error:
> > > >
> > > > PRNG is not seeded
> > >
> > > Hmmm.
> > >
> > > > A few details - first, I created my jail by simply using the dump
> > > > command to dump my / filesystem, and then restoring that inside
> > > > the jail. Not elegant, but it works - so the jail in question has
> > > > a full /dev and everything.
> > > >
> > > > Second, I used the exact same method in 4.6.1 and did not have
> > > > problems.
> > > >
> > > > I saw a usenet post that recommended solving the problem with this:
> > > >
> > > > "chmod a+r /dev/*rand*"
> > >
> > > You seem to be on the right track in assuming it is a /dev/[u]random
> > > problem.
> > >
> > > Can you confirm this by (as a pleb user) dumping some random output?
> > >
> > > $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> > >
> > > (and same for /dev/urandom).
> > >
> > > Please also give a ls -l /dev/*random.
> > >
> > > > however I tried that, and now when I try to ssh or scp from a non
> > > > root user inside the jail, I get:
> > > >
> > > > "Host key verification failed"
> > > >
> > > > Does anyone know why this happens, why it didn't happen prior to
> > > > 4.6.2, and how I can fix it?
> > >
> > > The random device has not changed, but the OpenSSL code has. Maybe
> > > OpenSSL's internal PRNG is doing something naughty.
> > >
> > > M
> > > --
> > > o Mark Murray
> > > \_
> > > O.\_ Warning: this .sig is umop ap!sdn
>
> --
> o Mark Murray
> \_
> O.\_ Warning: this .sig is umop ap!sdn
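
The checks requested in this thread (is each random device present, is it readable by the current user, and does a read actually return data), written as one script. This is an added example, not part of the original messages; the function name check_rand_dev and its result labels are assumptions made for illustration, and it is meant to be run as the non-root user inside the jail.

```shell
#!/bin/sh
# Added example (not from the thread): classify a random device as seen by
# the calling user. Prints exactly one of:
#   missing       - no such path
#   not-chardev   - path exists but is not a character device
#   unreadable    - current user lacks read permission (the "chmod a+r" case)
#   short:<n>     - read returned fewer bytes than asked (the "0+0 records" case)
#   ok            - full read succeeded
# Returns 0 only for "ok".
check_rand_dev() {
    dev=$1
    want=${2:-512}    # bytes to request; 512 matches the dd test in the thread

    [ -e "$dev" ] || { echo missing; return 1; }
    [ -c "$dev" ] || { echo not-chardev; return 1; }
    [ -r "$dev" ] || { echo unreadable; return 1; }

    # One read of $want bytes, counted with wc so no hexdump is needed.
    # dd's own status lines go to stderr and are discarded.
    got=$(dd if="$dev" bs="$want" count=1 2>/dev/null | wc -c | tr -d ' ')

    if [ "$got" -eq "$want" ]; then
        echo ok
        return 0
    fi
    echo "short:$got"
    return 1
}

# When device paths are given as arguments, report on each of them, e.g.
#   sh check_rand.sh /dev/random /dev/urandom
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        printf '%s: %s\n' "$d" "$(check_rand_dev "$d")"
    done
fi
```

A "short:0" result for /dev/random next to "ok" for /dev/urandom corresponds to the two dd outputs reported above.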