Re: SSH / SSH-KEYGEN / PRNGD SEED

From: <mgregis(at)sorint.it>
Date: Sun Mar 16 2003 - 04:54:49 EST


Hi Noel,

This is Max from Milan, Italy.....

I've seen your SSH installation steps.... With the Solaris 8 precompiled package, which I think you've taken from the sunfreeware website,
you have to install the 112438-01 patch (/dev/random patch) BEFORE creating the keys.
The OpenSSH 3.5p1 Solaris 8 precompiled package is built to use the /dev/random device and NOT
the PRNGD daemon.
The PRNGD daemon is NOT necessary.

After you have installed the patch you have two choices for creating the /dev/random & urandom devices:

  1. Reboot the system
  2. Run this script (reboot is not necessary)
#!/usr/bin/ksh
# Set up Solaris random device from patch 112438-01 without reboot
# Moderate error checking only since this should be straightforward.
#
# (c) 2002 Andrew J. Caines. Permission to modify and distribute is
# granted on condition the copyright message is included and modifications
# are clearly identified.
#
# Incorporating suggestions and changes from these SunManager list members:
# Thomas Anders <anders@hmi.de>, Dan Astoorian <djast@cs.toronto.edu>,
# Prümm Gerd <gerd.pruemm@alcatel.ch>, Adam Mazza <adam@68e.com>.
# Script rewrite for functional changes and reliability improvement based
# on contribution from Jeff Bledsoe.

PATH=/usr/bin:/usr/sbin

Patch=${Patch:-112438} # Just in case it ever changes

# Set up tempfile

TmpFile=/tmp/.$$.$RANDOM ; rm -f $TmpFile ; touch $TmpFile; chmod 600 $TmpFile

function bailout
{ echo "$*. Exiting" >&2 ; exit 1
}

# Check patch is installed

echo "Checking for patch $Patch...\c"
if showrev -p | egrep -s "^Patch: ${Patch}-"
then echo " installed."
else bailout " not installed. Install it and try again."
fi

# Activate random kernel module with workaround for module dependency problem
echo "Removing random device from name_to_major"
name_to_major=$(</etc/name_to_major)
echo "$name_to_major" | sed '/random/d' > /etc/name_to_major

# Add driver to create device nodes and load module
echo "Adding driver to system"
add_drv -m '* 0644 root sys' random || bailout "Driver random failed to add"

# Report results

echo "Finished. You now have the following random devices:"
ls -l /dev/*random /devices/pseudo/random@0:*random

# Test

echo "Do you want to test the new device? (y/n) \c"
read yn
case $yn in
    [Yy]*) echo "Running: dd if=/dev/random of=$TmpFile bs=512 count=1"
           dd if=/dev/random of=$TmpFile bs=512 count=1
           echo "Running: strings $TmpFile"
           echo "You should see a few lines of random garbage:"
           ;;
    [Nn]*) echo "Your blind faith will be rewarded in the next life."
           echo "Your reward confirmation code is:"
           ;;
esac

strings $TmpFile
rm -f $TmpFile

exit 0

After you have run this script you can install the rest of the SSH packages and create the keys.

Let me give you some advice:
DON'T start the SSHD daemon with inetd, but with a specific script or from /etc/inittab

Max


 

Massimiliano Gregis
Sun Microsystems Senior Consultant
Phone.: 035.697534
Mobile.: 347.1167790
Fax.....: 035.697590
E.mail: - mgregis@sorint.it

  • massimiliano@sorint.it
  • massimiliano.gregis@sorint.it

Sorint http://www.sorint.it


Received on Tue Mar 18 01:00:18 2003
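
Added example, not part of the original message or of Andrew J. Caines's script: a POSIX shell preflight check for the point made above, that working /dev/random and /dev/urandom devices must be in place before the SSH keys are created. The function names and the 16-byte sample size are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify the random devices
# before generating SSH host or user keys.
# check_random_dev / preflight are hypothetical helper names.

# check_random_dev PATH
# Returns 0 only if PATH is a character device that delivers 16 bytes
# which are not all zero; otherwise prints a reason and returns 1.
check_random_dev() {
    dev=$1
    # A regular file or a missing node here means the driver was never
    # attached (patch not installed, or add_drv did not run).
    if [ ! -c "$dev" ]; then
        echo "$dev: not a character device" >&2
        return 1
    fi
    # Read one 16-byte block and render it as a bare hex string.
    hex=$(dd if="$dev" bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n\t')
    if [ "${#hex}" -ne 32 ]; then
        echo "$dev: short read (${#hex} hex digits, expected 32)" >&2
        return 1
    fi
    # A node created with the wrong major/minor numbers can be a
    # character device and still return constant data.
    if [ "$hex" = "00000000000000000000000000000000" ]; then
        echo "$dev: returned only zero bytes" >&2
        return 1
    fi
    return 0
}

# preflight DEV...
# Checks every listed device and fails if any one of them fails.
preflight() {
    rc=0
    for d in "$@"; do
        check_random_dev "$d" || rc=1
    done
    return $rc
}

# Typical use: preflight /dev/random /dev/urandom, then run ssh-keygen
# only if it succeeds.
```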

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:55 EDT
