Re: seeding dev/random in 5.5

Board: FB_security. Posted: 2006/08/08 23:11
--- Michael Scheidell <scheidell@secnap.net> wrote:

> This would affect the generic stock 5.5 install disk as well (it doesn't
> create new keys when it builds a virgin hard disk)
> If a user just hits return, there is no error message, no indication
> that /dev/random wasn't seeded.
>
> We have a bootable CD rom, has a generic boot/network/vpn/ and dumpfiles
> for virgin install.
> cd rom uses restore to make new HD.
> I'd rather like to have different keys on different boxes. ssh client
> complains when it sees the same keys for several different ip addresses.
>

Oh. I see... So u just copy a CD to ur HD without any further install
scripts...

I do it different on my remote boxes:

1. I log in to the systems via sshd of the old system
2. Then I turn off one half of the mirror of the root file system
3. Then I un-tar the new base system to that currently unused disk.
4. Then I use bsdlabel and fdisk to make the box boot from the new disk...
5. Then I would create the ssh-host-keys...
6. Then I setup certain files/services like pf, ipfw, user-accounts,
   passwords, interfaces, ...
7. Then I would reboot to the freshly installed system (which does not
   work on some boxes sometimes, because the BIOS is quite old and does
   not understand the boot0cfg settings (-s5 and such)... *sigh*)...
....

Your procedure seems to need operator interaction at the box itself
anyway... So I do not see ur problem... Is it that just pressing [ENTER]
(in spite of the warning) is not enough in ur case (in contradiction to
the instructions)? That would be merely a documentation problem but not
a security problem...

-Arne

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
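The symptom mentioned in the quoted message (the ssh client seeing the same keys at several IP addresses) can also be checked for from the admin side. The following is an added example, not part of the original thread: a shell function that scans a known_hosts-format file and lists host keys recorded under more than one entry. The function names, addresses and key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example: report SSH host keys that appear under more than one entry
# in a known_hosts-format file, which is what boxes restored from one image
# without regenerating their host keys look like from the client side.

# find_shared_hostkeys FILE
# Prints one line per shared key: "<keytype> <entries> <hosts,...>"
find_shared_hostkeys() {
    awk '
        # Skip comments, @cert-authority/@revoked marker lines, short lines.
        /^[ \t]*#/ || /^@/ || NF < 3 { next }
        {
            key = $2 " " $3                 # key type + base64 blob
            if (!(key in hosts)) { order[++n] = key; hosts[key] = $1; count[key] = 1 }
            else { hosts[key] = hosts[key] "," $1; count[key]++ }
        }
        END {
            for (j = 1; j <= n; j++) {
                k = order[j]
                if (count[k] > 1) {
                    split(k, parts, " ")
                    print parts[1], count[k], hosts[k]
                }
            }
        }
    ' "$1"
}

# write_sample FILE: constructed sample data (placeholder blobs, not real keys).
write_sample() {
    cat > "$1" <<'EOF'
# constructed known_hosts sample: .10, .11 and .14 share one host key
192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAAConstructedKeyAAAA
192.0.2.11 ssh-rsa AAAAB3NzaC1yc2EAAAAConstructedKeyAAAA
192.0.2.12 ssh-rsa AAAAB3NzaC1yc2EAAAAConstructedKeyBBBB
gw.example.net,192.0.2.13 ssh-rsa AAAAB3NzaC1yc2EAAAAConstructedKeyCCCC gw
192.0.2.14 ssh-rsa AAAAB3NzaC1yc2EAAAAConstructedKeyAAAA
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
find_shared_hostkeys "$tmp"
rm -f "$tmp"
```

A box recorded on two separate lines (once by name, once by address) is also reported, so each hit needs a look before concluding that two machines share a key.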