seeding dev/random in 5.5

Kevin Day toasty at dragondata.com
Tue Aug 8 20:59:15 UTC 2006 

On Aug 8, 2006, at 12:34 PM, Doug Barton wrote:
>> (if doing this from an unattended bootup, expecting the 300 second
>> timeout, I find that sshd does not start!)
>
> I cannot imagine a scenario where a competent system administrator  
> would do
> a clean install on a machine, reboot it, and then just walk away  
> without
> first testing to see that all expected services (especially sshd) were
> working according to plan. If you can envision such a situation,  
> please
> describe it in more detail.


This actually bit us too once. We were doing an unattended diskless  
(PXE boot) install to 50 servers at a time. These systems were for  
internal use only, we didn't care at all that the key generation for  
sshd was done in any secure way, but it meant that we either had to  
manually go through each server and kickstart the random number  
generator so sshd would work or hack the rc scripts to do what we  
really wanted.

We got the unattended install down to do exactly what we wanted, so  
there was no need really to do anything locally on each server after  
the install. Except this. :)


This came up a second time when we had a server on another continent  
lose its boot drive and we needed some "remote hands" to reinstall  
the OS for us. We shipped a replacement drive and an install CD  
configured to do an unattended/automated install. The idea was to  
give them a replacement hot-swap drive, and a bootable CD that did an  
automated install. After it was done, all they had to do was remove  
the CD and power cycle the server. (The people on the other end  
weren't very technical, so we had to make this extremely easy.) They  
followed the instructions, and from what we could tell by having them  
read the text on the screen it looked like it worked. We could ping  
the server, but not ssh,  even though we were certain we had enabled  
sshd in the install.cfg file. We burned another copy of the CD image  
and tried it on a system locally to troubleshoot. Except, that since  
we were watching it, we didn't let the 300 second timeout happen  
because we were impatient, so it worked for us. It was only after  
many many hours of debugging that we realized that letting the  
timeout happen was breaking sshd.

So, there are a few reasons for wanting to be able to do an install  
that just works right off the bat after sysinstall that don't  
conflict with good sysadmin practices.



Maybe sysinstall could be collecting entropy during the installation  
and use that for an initial seed if the timeout happens? It wouldn't  
be perfect, but it'd be better than killing ssh.

More information about the freebsd-security mailing list