On Mon, Aug 04, 2008 at 02:40:01PM +0200, Stanislav Meduna wrote:
> this is just to let you know that the /dev/random problems
> are still not solved in the 2.6.26 version. A small dictionary
> attack on sshd (in my case 260 tries over 12 minutes)
> is able to produce
>
> auth.log.0:Aug 3 05:30:35 dirk sshd[1825]: fatal: Couldn't obtain random bytes (error 604389476)
>
> and the sshd dies (followed by apache on the first subsequent
> SSL request and so on).

Off the top of my head, you need the following:
    2.6.26 UML, which you do
    rngtools installed in the UML
    sufficient entropy on the host

This last one shouldn't be taken for granted. I had problems with
this when debugging the random driver changes - on my laptop with me
typing on it, mousing, disk going, and network traffic going in and
out. It would be worse on a colocated, no-keyboard, no-mouse server,
which are notorious for this problem.
> Unfortunately I can't help you in tracing the uml process
> or trying patches - this is a virtual server at my provider
> and I don't have any access there. I could try to get
> the .config file.
You could ask them about how their servers get their randomness.
If nothing else works, I suppose a nasty workaround might be to
replace /dev/random with /dev/urandom, but that has security
implications.
Jeff
--
Work email - jdike at linux dot intel dot com
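
The three prerequisites listed in the reply above, as a quick shell check that can be run inside the UML guest and on the host. This is an added example, not part of the original thread: the function names and the 256-bit threshold are assumptions, and the test inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names and the
# 256-bit threshold are assumptions chosen for illustration.

# kernel_ok RELEASE: succeeds if RELEASE (e.g. from `uname -r`) is >= 2.6.26.
kernel_ok() {
    rel=${1%%-*}                        # drop a suffix such as "-uml"
    oldifs=$IFS; IFS=.
    set -- $rel                         # split on dots into $1 $2 $3
    IFS=$oldifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    pat=${pat%%[!0-9]*}; pat=${pat:-0}  # "26rc1" -> "26"
    case $maj$min in *[!0-9]*) return 1 ;; esac
    [ "$maj" -gt 2 ] && return 0
    [ "$maj" -eq 2 ] && [ "$min" -gt 6 ] && return 0
    [ "$maj" -eq 2 ] && [ "$min" -eq 6 ] && [ "$pat" -ge 26 ] && return 0
    return 1
}

# entropy_ok [FILE] [MIN_BITS]: 0 = enough, 1 = low, 2 = unreadable or garbled.
entropy_ok() {
    file=${1:-/proc/sys/kernel/random/entropy_avail}
    need=${2:-256}
    [ -r "$file" ] || return 2
    read -r bits < "$file" || [ -n "$bits" ] || return 2
    case $bits in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -ge "$need" ]
}

# has_rngd: reads process names on stdin, succeeds if rngd (rngtools) is listed.
has_rngd() { grep -qx 'rngd'; }

# report: prints one line per prerequisite; always returns 0.
report() {
    if kernel_ok "$(uname -r)"; then echo "kernel: 2.6.26 or newer"
    else echo "kernel: older than 2.6.26"; fi
    if ps -e -o comm= 2>/dev/null | has_rngd; then echo "rngd: running"
    else echo "rngd: not running"; fi
    rc=0; entropy_ok || rc=$?
    case $rc in
        0) echo "entropy: ok ($bits bits)" ;;
        1) echo "entropy: low ($bits bits), /dev/random readers may block or fail" ;;
        *) echo "entropy: cannot read entropy_avail" ;;
    esac
}

report
```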