Date:      Thu, 03 Oct 2002 13:35:09 -0700
From:      "Firsto Lasto" <firstolasto@hotmail.com>
To:        mark@grondar.za
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: PRNG not seeded - error in non-root ssh inside 4.6.2 jails...
Message-ID:  <F74mrGjfJNVzTPZENux000067ea@hotmail.com>



Sorry, here is the rest:

Here is the output of the `dd` command using urandom:

dd if=/dev/urandom of=/dev/stdout bs=512 count=1 | hexdump -C
1+0 records in
1+0 records out
512 bytes transferred in 0.000472 secs (1084588 bytes/sec)


Again, this is after I chmodded /dev/stdout to 0666 instead of the 0600 that 
it was.

And here is the ls output:

$ ls -l /dev/*rand*
crw-r--r--  1 root  wheel    2,   3 Sep  3 21:46 /dev/random
crw-r--r--  1 root  wheel    2,   4 Sep  3 21:46 /dev/urandom


Thank you for your help.


>
>Hi
>
>You only sent me a third of what I asked for :-)
>
>M
>
> >
> > Ok, here you are - as a normal user (non root) inside the jail, I have run:
> >
> > $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> > dd: /dev/stdout: Permission denied
> >
> > $ ls -asl /dev/stdout
> > 0 crw-------  1 root  wheel   22,   1 Sep  3 21:46 /dev/stdout
> >
> > All of this was _after_ I ran the `chmod a+r /dev/*rand*` command.
> >
> > So then, as root I ran: `chmod 0666 /dev/stdout` and then I ran your `dd`
> > command and got:
> >
> > $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> > 0+0 records in
> > 0+0 records out
> > 0 bytes transferred in 0.000036 secs (0 bytes/sec)
> >
> > I hope this is useful, and thank you for your help.
> >
> >
> >
> >
> > >
> > > > I have found that if you create a jail in FreeBSD 4.6.2, and then log into
> > > > that jail ... if you are root you can scp and ssh just fine.  However if you
> > > > are not root and you attempt to ssh or scp, you get this error:
> > > >
> > > > PRNG is not seeded
> > >
> > >Hmmm.
> > >
> > > > A few details - first, I created my jail by simply using the dump command to
> > > > dump my / filesystem, and then restoring that inside the jail.  Not elegant,
> > > > but it works - so the jail in question has a full /dev and everything.
> > > >
> > > > Second, I used the exact same method in 4.6.1 and did not have problems.
> > > >
> > > > I saw a usenet post that recommended solving the problem with this:
> > > >
> > > > "chmod a+r /dev/*rand*"
> > >
> > >You seem to be on the right track in assuming it is a /dev/[u]random problem.
> > >
> > >Can you confirm this by (as a pleb user) dumping some random output?
> > >
> > >$ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> > >
> > >(and same for /dev/urandom).
> > >
> > >Please also give a ls -l /dev/*random.
> > >
> > > > however I tried that, and now when I try to ssh or scp from a non root user
> > > > inside the jail, I get:
> > > >
> > > > "Host key verification failed"
> > > >
> > > > Does anyone know why this happens, why it didn't happen prior to 4.6.2, and
> > > > how I can fix it ?
> > >
> > >The random device has not changed, but the OpenSSL code has. Maybe OpenSSL's
> > >internal PRNG is doing something naughty.
> > >
> > >M
> > >--
> > >o       Mark Murray
> > >\_
> > >O.\_    Warning: this .sig is umop ap!sdn
> >
> >
> >
> >
>--
>o       Mark Murray
>\_
>O.\_    Warning: this .sig is umop ap!sdn
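
Added example, not part of the original message or the thread: the manual `dd` and `ls -l` checks above as a POSIX sh script that separates the three outcomes the thread ran into (device not readable, device readable but returning 0 bytes, device returning the full 512 bytes). The function names `probe_dev` and `report` and the script name `probe.sh` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). probe_dev and report are hypothetical names.

# probe_dev PATH [NBYTES]
# Prints one of: missing | unreadable | empty | short:<n> | ok:<n>
probe_dev() {
    p=$1
    want=${2:-512}
    [ -e "$p" ] || { echo missing; return 0; }
    [ -r "$p" ] || { echo unreadable; return 0; }
    # No of=/dev/stdout here: dd writes to its inherited stdout, so the mode
    # of the /dev/stdout node cannot produce a misleading "Permission denied".
    got=$(dd if="$p" bs="$want" count=1 2>/dev/null | wc -c | tr -d '[:space:]')
    if [ "$got" -eq 0 ]; then
        echo empty            # same outcome as "0+0 records in" in the thread
    elif [ "$got" -lt "$want" ]; then
        echo "short:$got"     # device handed back fewer bytes than requested
    else
        echo "ok:$got"
    fi
}

# report PATH... : one line per device, probe result followed by ls -l output
report() {
    for d in "$@"; do
        printf '%-12s %s\n' "$(probe_dev "$d")" "$(ls -l "$d" 2>/dev/null)"
    done
}

# Run as the unprivileged user inside the jail, for example:
#   sh probe.sh /dev/random /dev/urandom
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

An `empty` result for a device that `ls -l` shows as world-readable points away from file permissions and toward the device itself returning no data.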



