Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 04 Jun 2008 11:00:48 -0800
From: Jonathan Smith <>
Subject: Re: OpenSSH key blacklisting

Hash: SHA256

The Fungi wrote:
| Not to be argumentative, but have you installed OpenBSD lately
| (effectively the reference platform for OpenSSH development)? For
| years, its base install has run sshd by default, generated host keys
| at first boot, and not prompted at the console for human interaction
| to augment entropy for this process. I find it hard to blame this
| *particular* behavior on Debian (unless you're suggesting that they
| strong-armed OpenSSH upstream to integrate these changes on their
| behalf?).

rPath also auto-generates keys using the initscript found in the openssh
source. In the unpacked tarball, it is called contrib/redhat/sshd.init.
So, presumably, Red Hat does the same. Key generation pulls random bits
from /dev/random, though, and thus blocks until enough randomness is
available. That actually caused me some problems once when the machine
hung on first-boot until it got enough disk interrupts or whatever.


Version: GnuPG v2.0.9 (GNU/Linux)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.