From: Mike's List (mikelist@sky.net)
Date: Tue Apr 16 2002 - 10:56:54 EDT
After I posted the summary, I received a couple of e-mails asking...
How do you verify that /dev/random is in fact being used?
Openssh has built-in random number generation, and openssl
at sunfreeware.com compile to used PRNGD so you need PRNGD?
I always thought if /dev/random doesn't exists the key wouldn't generate
and sshd wouldn't even be running and negotiate the protocol (note, telnet
was turn off on my server, so no telnet to fall back on).
Any other procedures I can do to verify that /dev/random is in fact being
used? Everything on the server seems to indicate that ssh is working.
- Mike
On Mon, 15 Apr 2002, Mike's List wrote:
> Thanks to all that replied, sorry for the delay, just now finishing up my
> server... Casper Dik, system administrator, keith@smith.net, Jeffrey Tay,
> David Foster, and anyone I missed.
>
> I installed all the packages from sunfreeware.com (w/out PRNGD) and ssh
> seems to work just fine...fingerprint deleted below for security reason ;)
>
>
> - Mike
>
>
> # ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
> Generating public/private rsa1 key pair.
> Your identification has been saved in /usr/local/etc/ssh_host_key.
> Your public key has been saved in /usr/local/etc/ssh_host_key.pub.
> The key fingerprint is:
> # ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
> Generating public/private dsa key pair.
> Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
> Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
> The key fingerprint is:
> # ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""
> Generating public/private rsa key pair.
> Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
> Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
> The key fingerprint is:
>
>
>
> On Fri, 5 Apr 2002, Mike's List wrote:
>
> > Just need to confirm, with the patch 112438-01 installed, you DO NOT need
> > the below? (openssh installation procedure #2 AND install prngd?) Yes?
> >
> >
> > - Mike
> >
> >
> > Step Two: Getting Entropy
> >
> > The next step in installation is to start the generation of entropy for use
> > by openssl and openssh. This is done with the prngd program. To set this
> > up, read the README.prngd file. Make sure you have /usr/local/bin in your
> > PATH first. Now go to your /var/log, /var/adm, or similar directories and
> > look for some log files like messages, syslog, etc. Make sure you are
> > logged in as root user and run
> >
> > cat ....various log files from your /var/log or /var/adm directories... >
> > /usr/local/etc/prngd/prngd-seed
> >
> > such as
> >
> > cat syslog messages > /usr/local/etc/prngd/prngd-seed
> >
> > Then run
> >
> > mkdir /var/spool/prngd
> >
> > /usr/local/bin/prngd /var/spool/prngd/pool
> >
> > This should start up the prngd daemon and start generating entropy. You can
> > check this by running
> >
> > /usr/local/bin/egc.pl /var/spool/prngd/pool get
> >
> > which, if the egd package (see README.egd) is installed along with perl,
> > will give a message like
> >
> > 32800 bits of entropy in pool
> >
>
>
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:12 EDT