On Mon, Nov 18, 2013 at 07:23:55PM +0000, Hendrickson, Kenneth wrote:
> Use Case
>
> I have several headless computers. Their only source of randomness is from
> the network. I also have a hardware true random number generator on another
> computer. I would like the headless computers to be able to access truly
> random numbers from a server - at the kernel level.
>
> I would like a standard, built into the OS, so I get this improved source of
> randomness right from the very first install.
>
> I want the random numbers encrypted as they transit the network. Ssh already
> does this.
>
> Possible Solutions:
>
> 1 Spawn a userland program or script which uses ssh, obtains the random
> numbers, and then calls add_true_randomness().
>
> 2 Configure the kernel with the IP address of the server, and an account
> name, and the kernel can obtain truly random numbers whenever it wants.
>
> What is the best way to achieve my goal?
>
> Thanks,
> Ken Hendrickson
>

You can already do #1 out of the box, more or less:

    ssh user@randomhost dd if=/dev/random bs=1024 count=1 > /dev/random

As a bonus, it's something that you can perform during install after dumping
out to the shell temporarily, and stick in a cronjob once the os is installed.
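
A cron-suitable wrapper around the one-liner above, added here as an example and not part of the original reply. RANDOMHOST, RANDOMUSER, the function names and the byte-count check are assumptions; the script reports when ssh fails or dd returns a short read, so a reseed that silently did nothing gets noticed.

```shell
#!/bin/sh
# Added example (not from the original thread): reseed the local pool from a
# remote /dev/random over ssh and verify how many bytes actually arrived.
# RANDOMHOST / RANDOMUSER are hypothetical settings supplied by the caller.

NBYTES=1024

# Pull NBYTES from the server. BatchMode stops ssh from prompting for a
# password under cron; ConnectTimeout bounds the wait if the host is down.
fetch_remote() {
    ssh -o BatchMode=yes -o ConnectTimeout=10 \
        "${RANDOMUSER:-user}@${RANDOMHOST}" \
        "dd if=/dev/random bs=$NBYTES count=1 2>/dev/null"
}

# reseed FETCH [POOL]
#   FETCH: command or function that writes the random bytes to stdout
#   POOL:  device to feed (default /dev/random)
# The bytes are streamed straight into the pool, never stored on disk.
# dd with count=1 issues a single read, which may return fewer than bs
# bytes, and a failed ssh yields zero bytes, so the count is checked.
reseed() {
    fetch=$1
    pool=${2:-/dev/random}
    got=$("$fetch" | tee "$pool" | wc -c | tr -d ' ')
    if [ "$got" -ne "$NBYTES" ]; then
        echo "reseed: got $got of $NBYTES bytes via $fetch" >&2
        return 1
    fi
    return 0
}

# Runs only when a server is configured, e.g. from cron:
#   RANDOMUSER=user RANDOMHOST=randomhost sh reseed.sh
if [ -n "${RANDOMHOST:-}" ]; then
    reseed fetch_remote || exit 1
fi
```

A non-zero exit from the cron job is the signal that the host is still running on its local entropy sources only.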
