On Wed, Jun 20, 2007 at 10:39:18AM +0200, Miroslaw Dach wrote:
> I am wondering what is the meaning of : Not forking?

It's just an informational message that it isn't going to be
backgrounded (ie, the -F flag). I'll make that message clearer.

> second time when I have started the dropbear I have got:
>
> failed reading /etc/dropbear/dropbear_rsa_host_key disabling RSA
> Warning: Reading the random source seems to have blocked.
> If you experience problems, you probably need to find a better entropy
> source.

The problem is that your system doesn't have enough entropy to run. You
can make it use /dev/urandom (which won't block) instead of /dev/random
by changing options.h.

I'm considering making /dev/urandom the default, however this could mask
a security issue in embedded systems. If the random number generator is
initialised to the same state at every startup in every device produced,
then it could be feasible for an attacker to defeat SSH's cryptographic
security. /dev/random is usually overkill, but it does provide a
guarantee that the system has sufficient entropy.

Ideally the kernel would provide a '/dev/brandom' that blocks initially,
but behaves the same as urandom (not depleting entropy counts) once
sufficient entropy has been gathered.

See http://lxr.linux.no/source/drivers/char/random.c for some comments
on storing entropy between reboots.

> Is it somehow possible to run dropbear as a daemon or via inetd?

You can run it as a daemon by default, the -E -F flags are just for
debugging. You can also run it with -i via inetd.

Cheers,
Matt
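
Added example, not part of the original message and not Dropbear code: on current Linux (kernel 3.17 or later, glibc 2.25 or later) getrandom(2) called with flags 0 blocks only until the kernel pool has been initialised once and then reads like urandom, which is the '/dev/brandom' behaviour wished for above. The helper name seed_fill is hypothetical; it also reports whether the pool was still unseeded, the case that matters on identical embedded devices.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>   /* getrandom(): glibc >= 2.25, Linux >= 3.17 */
#include <sys/types.h>

/* Hypothetical helper: fill buf with len bytes of seed material.
 * Returns 0 if the kernel pool was already initialised, 1 if we had
 * to wait for it first, -1 on error. */
int seed_fill(unsigned char *buf, size_t len)
{
    int waited = 0;
    size_t got = 0;

    /* Probe without blocking: EAGAIN means the pool has not been
     * seeded since boot, so output now could repeat across devices. */
    ssize_t n = getrandom(buf, len, GRND_NONBLOCK);
    if (n < 0 && errno == EAGAIN) {
        waited = 1;
        fprintf(stderr, "kernel RNG not yet seeded, waiting\n");
    } else if (n < 0 && errno != EINTR) {
        return -1;
    } else if (n > 0) {
        got = (size_t)n;
    }

    /* flags = 0: blocks only until the pool is initialised,
     * afterwards it behaves like a read from urandom. */
    while (got < len) {
        n = getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        got += (size_t)n;
    }
    return waited;
}

int main(void)
{
    unsigned char seed[32];
    int r = seed_fill(seed, sizeof seed);
    if (r < 0) { perror("getrandom"); return 1; }
    printf("seeded (%s)\n", r ? "after waiting for the pool" : "pool was ready");
    return 0;
}
```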
