Re: seeding dev/random in 5.5
--- fwaggle <fwaggle@hungryhacker.com> wrote:
> i have a question. perhaps i'm misunderstanding something with how SSH
> works, but how would having a "standard freebsd private key" benefit
> anyone? if you wanted to impersonate a newly installed freebsd machine,
> then all you'd need is that freely-available private key. plus you'd get
> a bunch of clueless admins who had their machines installed by a
> dedicated server provider, and who'd never change their host key, which
> would effectively ruin SSH for their purposes.
>
Hmm... I was refering to the special problem of the beginner of this thread...
As far as I understood him, he creates very special CDs, that are copied to the
to-be-updated-box, that is buried very deeply in a computing centre.
Those CDs may contain his special install-host-key without the problems u
describe...
> unless i've seriously missed the boat somewhere (it's happened before!)
> i think a better solution would still be random key generation with a
> nice little option to email the key signature somewhere that the new
> admin could pick it up. it's still fraught with impersonation danger for
> the paranoid, but imo it's a better idea than having a not-so-private
> key on install.
>
Hmm... But then he would have the problem with a more complicated operation
procedure, which has to be translated into hollandish-language (which is
astonishingly quite similar to Africaans)...
-Arne
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 17 之 17 篇):