[node-patches] Change in ovirt-node[master]: enable strong RNG options on the security page
mburns at redhat.com
Wed Oct 10 22:54:03 UTC 2012
Michael Burns has submitted this change and it was merged.
Change subject: enable strong RNG options on the security page
......................................................................
enable strong RNG options on the security page
rhbz#829007
From openssl docs
The environment variable of SSH_USE_STRONG_RNG governs the use
of the Linux kernel random number generator by the OpenSSH daemon,
the client as well as ssh-keygen.
If this environment variable is set to 1 the mentioned applications
use /dev/random for seeding the OpenSSL deterministic random number
generator which is in turn used for generating key material. If this
environment variable is set to 0, /dev/urandom is used.
SSH_USE_STRONG_RNG specifies the number of bytes read from /dev/random.
The minimum is 6 bytes - so any value below 6 still implies that 6 bytes
are read.
The following environment variable disables the use of the AES-NI
Intel processor instruction set. This is required by BSI as the AES-NI
instruction set was not subject to evaluation.
export OPENSSL_DISABLE_AES_NI=1
This patch also saves the RNG seed to /var/lib/random-seed and persists it
Change-Id: I0b96989b756a691668972d8e204cf8f152e53630
Signed-off-by: Joey Boggs <jboggs at redhat.com>
---
M recipe/common-post.ks
M scripts/ovirt-config-setup.py
M scripts/ovirtnode/ovirtfunctions.py
3 files changed, 65 insertions(+), 3 deletions(-)
Approvals:
Michael Burns: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/7934
Gerrit-MessageType: merged
Gerrit-Change-Id: I0b96989b756a691668972d8e204cf8f152e53630
Gerrit-PatchSet: 8
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Joey Boggs <jboggs at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at fedoraproject.org>
Gerrit-Reviewer: Joey Boggs <jboggs at redhat.com>
Gerrit-Reviewer: Michael Burns <mburns at redhat.com>