[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure
Greg Scott
GregScott at InfraSupportEtc.com
Wed Jul 8 19:08:25 EDT 2009
Well that's just peachy - after pounding on this all day, it would be
lots better if it didn't blow up without using /dev/urandom and the
exact steps Avesh suggested.
- Greg
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Wednesday, July 08, 2009 6:05 PM
To: Greg Scott
Cc: Avesh Agarwal; users at lists.openswan.org
Subject: RE: [Openswan Users] CKAIDNSS keyword not found where expected
in RSAkey in /var/log/secure
On Wed, 8 Jul 2009, Greg Scott wrote:
> [root at huge-fw ipsec.d]# ipsec newhostkey --random /dev/urandom
> --configdir /etc/ipsec.d/nssdb --password ZSE45tgb --output
> /etc/ipsec.d/hostkey.secrets
> Generated RSA key pair using the NSS database
Never use /dev/urandom for long term keys! Openswan knows when it needs
to use /dev/random and when it is not safe to use /dev/urandom. Don't
second guess it!
Paul