Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
As soon as anyone knows the answer to this question, please let us know: Clearly, sometime after installing your OS, after the OS has gained entropy, you should generate new server ssh keys. (And re-generate any SSL/TLS keys that you may have previously created using openssl without sufficient entropy.) The question is, how do you know when your server has gained some entropy? Assuming your machine has been on a long time, it should have gained entropy from hard drive seek times and ethernet behavior by now. Be aware of the difference between /dev/random and /dev/urandom. Generate yourselves some ssh keys: sudo mkdir /etc/ssh/oldkeys sudo mv /etc/ssh/*_key* /etc/ssh/oldkeys sudo ssh-keygen -q -C "" -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key sudo ssh-keygen -q -C "" -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key sudo ssh-keygen -q -C "" -N "" -t rsa1 -f /etc/ssh/ssh_host_key sudo chmod 600 /etc/ssh/*_key sudo chmod 644 /etc/ssh/*_key.pub sudo chown root:root /etc/ssh/*key* sudo service sshd restart
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |