oss-sec mailing list archives
Re: OpenSSH key blacklisting
From: Jonathan Smith <smithj () freethemallocs com>
Date: Wed, 04 Jun 2008 11:00:48 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The Fungi wrote: | Not to be argumentative, but have you installed OpenBSD lately | (effectively the reference platform for OpenSSH development)? For | years, its base install has run sshd by default, generated host keys | at first boot, and not prompted at the console for human interaction | to augment entropy for this process. I find it hard to blame this | *particular* behavior on Debian (unless you're suggesting that they | strong-armed OpenSSH upstream to integrate these changes on their | behalf?). rPath also auto-generates keys using the initscript found in the openssh source. In the unpacked tarball, it is called contrib/redhat/sshd.init. So, presumably, Red Hat does the same. Key generation pulls random bits from /dev/random, though, and thus blocks until enough randomness is available. That actually caused me some problems once when the machine hung on first-boot until it got enough disk interrupts or whatever. smithj -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEAREIAAYFAkhG5mAACgkQCG91qXPaRenT1wCeOQF0FIJ4mGzu6t7kgyktngML AEAAn2rvxOY/txkB44bXgvMk2l1eUElA =ldUl -----END PGP SIGNATURE-----
Current thread:
- Re: OpenSSH key blacklisting, (continued)
- Re: OpenSSH key blacklisting Matthias Andree (May 20)
- Re: OpenSSH key blacklisting Solar Designer (May 27)
- Re: OpenSSH key blacklisting Dmitry V. Levin (May 27)
- Re: OpenSSH key blacklisting Tim Brown (May 28)
- Re: OpenSSH key blacklisting Sebastian Krahmer (May 28)
- Re: OpenSSH key blacklisting Tim Brown (Jun 02)
- Re: OpenSSH key blacklisting Sebastian Krahmer (Jun 02)
- Re: OpenSSH key blacklisting Nathanael Hoyle (Jun 04)
- Re: OpenSSH key blacklisting The Fungi (Jun 04)
- Re: OpenSSH key blacklisting Nathanael Hoyle (Jun 04)
- Re: OpenSSH key blacklisting Jonathan Smith (Jun 04)
- Re: OpenSSH key blacklisting Nathanael Hoyle (May 28)
- Re: OpenSSH key blacklisting Florian Weimer (May 28)
- Re: OpenSSH key blacklisting Mike Frysinger (May 31)
- Re: OpenSSH key blacklisting Solar Designer (May 16)
- Re: OpenSSH key blacklisting Gustavo De Nardin (spuk) (May 16)