Date: Thu, 03 Oct 2002 20:50:20 +0100
From: Mark Murray <mark@grondar.za>
To: "Firsto Lasto" <firstolasto@hotmail.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: PRNG not seeded - error in non-root ssh inside 4.6.2 jails...
Message-ID: <200210031950.g93JoK20001332@grimreaper.grondar.org>
In-Reply-To: <F88c55PUrob2JaBPZYo0000662f@hotmail.com> ; from "Firsto Lasto" <firstolasto@hotmail.com> "Thu, 03 Oct 2002 12:15:52 PDT."
References: <F88c55PUrob2JaBPZYo0000662f@hotmail.com>

Hi

You only sent me a third of what I asked for :-)

M

>
> Ok, here you are - as a normal user (non root) inside the jail, I have run:
>
> $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> dd: /dev/stdout: Permission denied
>
> $ ls -asl /dev/stdout
> 0 crw------- 1 root wheel 22, 1 Sep 3 21:46 /dev/stdout
>
> All of this was _after_ I ran the `chmod a+r /dev/*rand*` command.
>
> So then, as root I ran: `chmod 0666 /dev/stdout` and then I ran your `dd`
> command and got:
>
> $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> 0+0 records in
> 0+0 records out
> 0 bytes transferred in 0.000036 secs (0 bytes/sec)
>
> I hope this is useful, and thank you for your help.
>
> > > I have found that if you create a jail in FreeBSD 4.6.2, and then log into
> > > that jail ... if you are root you can scp and ssh just fine. However if you
> > > are not root and you attempt to ssh or scp, you get this error:
> > >
> > > PRNG is not seeded
> >
> > Hmmm.
> >
> > > A few details - first, I created my jail by simply using the dump command to
> > > dump my / filesystem, and then restoring that inside the jail. Not elegant,
> > > but it works - so the jail in question has a full /dev and everything.
> > >
> > > Second, I used the exact same method in 4.6.1 and did not have problems.
> > >
> > > I saw a usenet post that recommended solving the problem with this:
> > >
> > > "chmod a+r /dev/*rand*"
> >
> > You seem to be on the right track in assuming it is a /dev/[u]random problem.
> >
> > Can you confirm this by (as a pleb user) dumping some random output?
> >
> > $ dd if=/dev/random of=/dev/stdout bs=512 count=1 | hexdump -C
> >
> > (and same for /dev/urandom).
> >
> > Please also give a ls -l /dev/*random.
> >
> > > however I tried that, and now when I try to ssh or scp from a non root user
> > > inside the jail, I get:
> > >
> > > "Host key verification failed"
> > >
> > > Does anyone know why this happens, why it didn't happen prior to 4.6.2, and
> > > how I can fix it ?
> >
> > The random device has not changed, but the OpenSSL code has. Maybe OpenSSL's
> > internal PRNG is doing something naughty.
> >
> > M
> > --
> > o Mark Murray
> > \_
> > O.\_ Warning: this .sig is umop ap!sdn
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
>

--
o Mark Murray
\_
O.\_ Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210031950.g93JoK20001332>
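
The check requested in this thread, written as an added example that is not part of the original messages: it tells apart a device node that is missing, one the user cannot read, and one that opens but returns no bytes (the "0+0 records in" result quoted above). The function names `check_random_dev` and `report_random_devs` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): classify whether a random device is
# usable by the current user. Function names are hypothetical.

# Prints one of: missing, not-chardev, unreadable, empty-read, ok
check_random_dev() {
    dev=$1
    want=${2:-16}                      # number of bytes to request
    [ -e "$dev" ] || { echo missing; return 1; }
    [ -c "$dev" ] || { echo not-chardev; return 1; }
    [ -r "$dev" ] || { echo unreadable; return 1; }
    # Count the bytes actually delivered. dd writes to a pipe rather than
    # to /dev/stdout, so the result does not depend on that node's
    # permissions (the first failure reported in the thread).
    got=$(dd if="$dev" bs="$want" count=1 2>/dev/null | wc -c | tr -d ' ')
    if [ "${got:-0}" -eq 0 ]; then
        # No bytes came back: the "0+0 records in" symptom.
        echo empty-read
        return 1
    fi
    echo ok
}

# Report both devices with their ownership and mode, as asked for in the
# thread (dd on each device plus ls -l). Returns non-zero if either fails.
report_random_devs() {
    rc=0
    for d in /dev/random /dev/urandom; do
        st=$(check_random_dev "$d") || rc=1
        printf '%-14s %s\n' "$d" "$st"
        ls -l "$d" 2>/dev/null
    done
    return $rc
}
```

Run `report_random_devs` as the unprivileged user inside the jail; a result of `empty-read` with world-readable permissions points at the device itself rather than at file modes.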