[node-patches] Change in ovirt-node[master]: enable strong RNG options on the security page

mburns at redhat.com mburns at redhat.com
Wed Oct 10 22:54:03 UTC 2012 

Michael Burns has submitted this change and it was merged.

Change subject: enable strong RNG options on the security page
......................................................................


enable strong RNG options on the security page

rhbz#829007

>From openssl docs

 The environment variable of SSH_USE_STRONG_RNG governs the use
 of the Linux kernel random number generator by the OpenSSH daemon,
 the client as well as ssh-keygen.

 If this environment variable is set to 1 the mentioned applications
 use /dev/random for seeding the OpenSSL deterministic random number
 generator which is in turn used for generating key material. If this
 environment variable is set to 0, /dev/urandom is used.

 SSH_USE_STRONG_RNG specifies the number of bytes read from /dev/random.
 The minimum is 6 bytes - so any value below 6 still implies that 6 bytes
 are read.

 The following environment variable disables the use of the AES-NI
 Intel processor instruction set. This is required by BSI as the AES-NI
 instruction set was not subject to evaluation

export OPENSSL_DISABLE_AES_NI=1

This patch also saves RNG seed is saved to /var/lib/random-seed and persisted

Change-Id: I0b96989b756a691668972d8e204cf8f152e53630
Signed-off-by: Joey Boggs <jboggs at redhat.com>
---
M recipe/common-post.ks
M scripts/ovirt-config-setup.py
M scripts/ovirtnode/ovirtfunctions.py
3 files changed, 65 insertions(+), 3 deletions(-)

Approvals:
  Michael Burns: Verified; Looks good to me, approved


--
To view, visit http://gerrit.ovirt.org/7934
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0b96989b756a691668972d8e204cf8f152e53630
Gerrit-PatchSet: 8
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Joey Boggs <jboggs at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at fedoraproject.org>
Gerrit-Reviewer: Joey Boggs <jboggs at redhat.com>
Gerrit-Reviewer: Michael Burns <mburns at redhat.com>

More information about the node-patches mailing list