Date: Wed, 04 Jun 2008 11:00:48 -0800
From: Jonathan Smith <smithj@...ethemallocs.com>
To: oss-security@...ts.openwall.com
Subject: Re: OpenSSH key blacklisting

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The Fungi wrote:
| Not to be argumentative, but have you installed OpenBSD lately
| (effectively the reference platform for OpenSSH development)? For
| years, its base install has run sshd by default, generated host keys
| at first boot, and not prompted at the console for human interaction
| to augment entropy for this process. I find it hard to blame this
| *particular* behavior on Debian (unless you're suggesting that they
| strong-armed OpenSSH upstream to integrate these changes on their
| behalf?).

rPath also auto-generates keys using the initscript found in the
openssh source. In the unpacked tarball, it is called
contrib/redhat/sshd.init. So, presumably, Red Hat does the same.

Key generation pulls random bits from /dev/random, though, and thus
blocks until enough randomness is available. That actually caused me
some problems once when the machine hung on first-boot until it got
enough disk interrupts or whatever.

smithj
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREIAAYFAkhG5mAACgkQCG91qXPaRenT1wCeOQF0FIJ4mGzu6t7kgyktngML
AEAAn2rvxOY/txkB44bXgvMk2l1eUElA
=ldUl
-----END PGP SIGNATURE-----