Date:      Tue, 8 Aug 2006 15:59:20 -0500
From:      Kevin Day <toasty@dragondata.com>
To:        Doug Barton <dougb@FreeBSD.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: seeding dev/random in 5.5
Message-ID:  <45114657-81B6-4618-BFBB-7BD2EA4D0418@dragondata.com>
In-Reply-To: <44D8CB3C.5090906@FreeBSD.org>
References:  <44D7B860.5080906@secnap.net> <44D8CB3C.5090906@FreeBSD.org>


On Aug 8, 2006, at 12:34 PM, Doug Barton wrote:
>> (if doing this from an unattended bootup, expecting the 300 second
>> timeout, I find that sshd does not start!)
>
> I cannot imagine a scenario where a competent system administrator would do
> a clean install on a machine, reboot it, and then just walk away without
> first testing to see that all expected services (especially sshd) were
> working according to plan. If you can envision such a situation, please
> describe it in more detail.

This actually bit us too once. We were doing an unattended diskless  
(PXE boot) install to 50 servers at a time. These systems were for  
internal use only, we didn't care at all that the key generation for  
sshd was done in any secure way, but it meant that we either had to  
manually go through each server and kickstart the random number  
generator so sshd would work or hack the rc scripts to do what we  
really wanted.

We got the unattended install down to do exactly what we wanted, so  
there was no need really to do anything locally on each server after  
the install. Except this. :)
This came up a second time when we had a server on another continent  
lose its boot drive and we needed some "remote hands" to reinstall  
the OS for us. We shipped a replacement drive and an install CD  
configured to do an unattended/automated install. The idea was to  
give them a replacement hot-swap drive, and a bootable CD that did an  
automated install. After it was done, all they had to do was remove  
the CD and power cycle the server. (The people on the other end  
weren't very technical, so we had to make this extremely easy.) They  
followed the instructions, and from what we could tell by having them  
read the text on the screen it looked like it worked. We could ping  
the server, but not ssh, even though we were certain we had enabled  
sshd in the install.cfg file. We burned another copy of the CD image  
and tried it on a system locally to troubleshoot. Except, that since  
we were watching it, we didn't let the 300 second timeout happen  
because we were impatient, so it worked for us. It was only after  
many, many hours of debugging that we realized that letting the  
timeout happen was breaking sshd.

So, there are a few reasons for wanting to be able to do an install  
that just works right off the bat after sysinstall that don't  
conflict with good sysadmin practices.
Maybe sysinstall could be collecting entropy during the installation  
and use that for an initial seed if the timeout happens? It wouldn't  
be perfect, but it'd be better than killing ssh.