Re: [PATCH 2/2] services: Add 'dropbear-service'.
From: Leo Famulari
Subject: Re: [PATCH 2/2] services: Add 'dropbear-service'.
Date: Sat, 9 Jul 2016 18:41:25 -0400
User-agent: Mutt/1.6.0 (2016-04-01)

On Thu, Jul 07, 2016 at 01:25:17PM -0400, Leo Famulari wrote:
> If so, what does Dropbear do? How does it get random numbers to generate
> the host key?

I looked into it — Dropbear uses /dev/urandom, which *may* not be safe
to use immediately after first boot.

What do you think about implementing the '-R' option, described below?

From dropbear(8) [0]:

"Host key files are read at startup from a standard location, by default
/etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and
/etc/dropbear/dropbear_ecdsa_host_key or specified on the commandline with -r.
These are of the form generated by dropbearkey. The -R option can be used to
automatically generate keys in the default location - keys will be generated
after startup when the first connection is established. This had the benefit
that the system /dev/urandom random number source has a better chance of being
securely seeded."

[0] https://github.com/mkj/dropbear/blob/master/dropbear.8#L143
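
Added example, not part of the original message and not Dropbear's or Guix's code: a small model of the deferred host-key generation that the quoted man page describes for -R. It goes one step further than the quoted text by assuming Linux getrandom(2) semantics to ask the kernel whether its random pool is seeded before any key is written; `crng_seeded`, `LazyHostKey` and the 32-byte stand-in key are hypothetical names and values.

```python
import os


def crng_seeded(probe=None):
    """Return True once the kernel CRNG is initialised (Linux only)."""
    if probe is None:
        # With GRND_NONBLOCK, getrandom() fails with EAGAIN instead of blocking
        # while the pool is still unseeded. Reading /dev/urandom gives no such
        # signal: it returns bytes either way.
        probe = lambda: os.getrandom(1, os.GRND_NONBLOCK)
    try:
        probe()
        return True
    except BlockingIOError:
        return False


class LazyHostKey:
    """Create the host key on the first connection, not at service start."""

    def __init__(self, path, probe=None, keygen=lambda: os.urandom(32)):
        self.path = path
        self.probe = probe      # injectable so the unseeded case can be tested
        self.keygen = keygen    # stand-in for real key generation (assumption)

    def on_first_connection(self):
        """Return 'existing', 'generated' or 'deferred'."""
        if os.path.exists(self.path):
            return "existing"
        if not crng_seeded(self.probe):
            # Do not mint a long-lived key from an unseeded pool.
            return "deferred"
        # O_EXCL never overwrites a key; 0o600 keeps it readable by owner only.
        fd = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(self.keygen())
        return "generated"
```
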