04-12-2010
A typical problem is a removed access to the random-device. This is how it comes to this:
Some security-idiots without any semblance of UNIX-knowhow prescribe a UMASK of 277 (instead of the system default of 022). This causes new files, directories, etc. to be created without any access for users per default (which is a "great" idea in itself, because root is supposed not to work for the users anyway, is he?). If such a root-account now touches /dev/random somehow no user can use it any more and ssh (that is: the underlying OpenSSL-library) will hang, because this exception is not foreseen and hence not taken care of.
I have seen this sort of idiocy with the UMASK now at least 3 times in different places, so I presume there is some "security"-primer out there written by some malevolent computer-hater with a hidden agenda to render all UNIX-systems useless.
I hope this helps.
bakunin
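The effect described in the post above, as an added example that is not part of the original post: it creates a scratch file under umask 022 and under umask 277 to show the resulting permissions, then checks whether the random devices are still readable by ordinary users. The function names and the scratch directory name are illustrative assumptions.

```shell
#!/bin/sh
# Added example: reproduce the effect of umask 277 on a scratch file and check
# whether the random devices are still readable by unprivileged users.

# Print the ls-style permission string (e.g. -rw-r--r--) of a file or device.
perm_string() {
    ls -ldL "$1" 2>/dev/null | cut -c1-10
}

# Create a scratch file under the given umask (in a subshell, so the caller's
# umask is untouched) and print the permission string it ends up with.
perms_under_umask() (
    dir="${TMPDIR:-/tmp}/umask-demo.$$"   # illustrative scratch location
    mkdir -m 700 "$dir" || exit 1
    umask "$1"
    : > "$dir/f"
    perm_string "$dir/f"
    rm -rf "$dir"
)

# Succeed if the "other" triplet of a permission string grants read access.
others_can_read() {
    case "$1" in
        ???????r??) return 0 ;;
        *)          return 1 ;;
    esac
}

# Report on each random device that exists on this system.
audit_random_devices() {
    rc=0
    for dev in /dev/random /dev/urandom; do
        [ -e "$dev" ] || continue
        p=$(perm_string "$dev")
        if others_can_read "$p"; then
            echo "ok       $p $dev"
        else
            echo "BLOCKED  $p $dev (unprivileged processes cannot read it)"
            rc=1
        fi
    done
    return $rc
}

echo "umask 022 -> $(perms_under_umask 022)"
echo "umask 277 -> $(perms_under_umask 277)"
echo "current umask: $(umask)"
audit_random_devices || echo "at least one random device is not readable by others"
```

A BLOCKED line for /dev/random matches the situation in the post: the device lost its access bits for ordinary users, and their ssh sessions hang.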
ssh-keysign
SSH-KEYSIGN(8) BSD System Manager's Manual SSH-KEYSIGN(8)
NAME
ssh-keysign -- ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with
SSH protocol version 2.
ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting
EnableSSHKeysign to ``yes''.
ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about host-based
authentication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root,
readable only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if
host-based authentication is used.
/etc/ssh/ssh_host_dsa_key-cert.pub
/etc/ssh/ssh_host_ecdsa_key-cert.pub
/etc/ssh/ssh_host_ed25519_key-cert.pub
/etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate information corresponding with the private keys above.
SEE ALSO
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
AUTHORS
Markus Friedl <markus@openbsd.org>
BSD December 7, 2013 BSD