Re: seeding dev/random in 5.5
--H8ygTp4AXg6deix2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Aug 09, 2006 at 09:29:44AM -0400, fwaggle wrote:
> Brooks Davis wrote:
> >On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
> >>--- Doug Barton <dougb@FreeBSD.org> wrote:
> [snip]
> >>* I received a private communication yesterday about this matter. But t=
he=20
> >>list
> >>did not. I will cite (not litterally) a little bit out of that message:=
=20
> >>Since
> >>you do not know anything about the remotely created host-key, u cannot=
=20
> >>connect
> >>safely to the freshly installed box, because: You do not even know the
> >>signature of the new host-key, so that if u connect to the wrong box u=
=20
> >>would
> >>not even known. Workaround: You could give all hosts the same well-known
> >>host-key (via your install-image-CD) and then u could change the host-k=
ey=20
> >>in a
> >>remotely controlled way individually and note down the signature? Maybe=
my
> >>secret informer (lets call him Rasmus or RK) wants to come public... :-)
> >
> >These are valid if probably overly paranoid points. :)
> [/snip]
>=20
> i have a question. perhaps i'm misunderstanding something with how SSH=20
> works, but how would having a "standard freebsd private key" benefit=20
> anyone? if you wanted to impersonate a newly installed freebsd machine,=
=20
> then all you'd need is that freely-available private key. plus you'd get=
=20
> a bunch of clueless admins who had their machines installed by a=20
> dedicated server provider, and who'd never change their host key, which=
=20
> would effectively ruin SSH for their purposes.
>=20
> unless i've seriously missed the boat somewhere (it's happened before!)=
=20
> i think a better solution would still be random key generation with a=20
> nice little option to email the key signature somewhere that the new=20
> admin could pick it up. it's still fraught with impersonation danger for=
=20
> the paranoid, but imo it's a better idea than having a not-so-private=20
> key on install.
I interpreted the suggestion is something to be done via custom install
media. There's no chance in hell the freebsd project would install a
default key since it's such an obviously bad idea.
-- Brooks
--H8ygTp4AXg6deix2
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFE2ePvXY6L6fI4GtQRAn2xAJ48YiIC7YN4OuPvcDMZevqzm+7/EgCgq2Jl
nebczo980bTeAegcV4AYzIM=
=PrLI
-----END PGP SIGNATURE-----
--H8ygTp4AXg6deix2--
討論串 (同標題文章)
完整討論串 (本文為第 15 之 17 篇):