[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure
Greg Scott
GregScott at InfraSupportEtc.com
Thu Jul 9 07:56:44 EDT 2009
Sorry for the whining - yesterday was a frustrating day. Today will be
better.
- Greg
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Greg Scott
Sent: Wednesday, July 08, 2009 6:08 PM
To: Paul Wouters
Cc: users at lists.openswan.org
Subject: Re: [Openswan Users] CKAIDNSS keyword not found where expected
in RSAkey in /var/log/secure
Well that's just peachy - after pounding on this all day, it would be
lots better if it didn't blow up without using /dev/urandom and the
exact steps Avesh suggested.
- Greg
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Wednesday, July 08, 2009 6:05 PM
To: Greg Scott
Cc: Avesh Agarwal; users at lists.openswan.org
Subject: RE: [Openswan Users] CKAIDNSS keyword not found where expected
in RSAkey in /var/log/secure
On Wed, 8 Jul 2009, Greg Scott wrote:
> [root at huge-fw ipsec.d]# ipsec newhostkey --random /dev/urandom
> --configdir /etc/ipsec.d/nssdb --password ZSE45tgb --output
> /etc/ipsec.d/hostkey.secrets
> Generated RSA key pair using the NSS database
Never use /dev/urandom for long term keys! Openswan knows when it needs
to use /dev/random and when it is not safe to use /dev/urandom. Don't
second guess it!
Paul