guix-devel

Re: [PATCH 2/2] services: Add 'dropbear-service'.


From: David Craven
Subject: Re: [PATCH 2/2] services: Add 'dropbear-service'.
Date: Sun, 10 Jul 2016 01:34:55 +0200

On the other hand a better solution might be to generate the key
outside the vm and copy it into the vm. This would also allow
configuring the key from within the operating-system config.

On Sun, Jul 10, 2016 at 1:03 AM, David Craven <address@hidden> wrote:
> Yep is probably better. I did think something though when writing the
> service. For some reason I thought that /etc was mounted readonly and
> only writeable by the guix daemon - which is obviously not the case -
> and that the vm virtual disk was readonly - which has a unionfs
> overlay.
>
> So I can't find a reason not to use the -R option (even if I'd feel
> better now if I could =P) Thank you for pointing this out.
>
> On Sun, Jul 10, 2016 at 12:43 AM, Leo Famulari <address@hidden> wrote:
>> On Sat, Jul 09, 2016 at 06:41:25PM -0400, Leo Famulari wrote:
>>> On Thu, Jul 07, 2016 at 01:25:17PM -0400, Leo Famulari wrote:
>>> > If so, what does Dropbear do? How does it get random numbers to generate
>>> > the host key?
>>>
>>> I looked into it — Dropbear uses /dev/urandom, which *may* not be safe
>>> to use immediately after first boot.
>>>
>>> What do you think about implementing the '-R' option, described below?
>>
>> To clarify, I'm also asking what you think about making it the default
>> for the dropbear-service.


