On the other hand, a better solution might be to generate the key outside the vm and copy it into the vm. This would also allow configuring the key from within the operating-system config.

On Sun, Jul 10, 2016 at 1:03 AM, David Craven <da...@craven.ch> wrote:
> Yep is probably better. I did think something though when writing the
> service. For some reason I thought that /etc was mounted readonly and
> only writeable by the guix daemon - which is obviously not the case -
> and that the vm virtual disk was readonly - which has a unionfs
> overlay.
>
> So I can't find a reason not to use the -R option (even if I'd feel
> better now if I could =P) Thank you for pointing this out.
>
> On Sun, Jul 10, 2016 at 12:43 AM, Leo Famulari <l...@famulari.name> wrote:
>> On Sat, Jul 09, 2016 at 06:41:25PM -0400, Leo Famulari wrote:
>>> On Thu, Jul 07, 2016 at 01:25:17PM -0400, Leo Famulari wrote:
>>> > If so, what does Dropbear do? How does it get random numbers to generate
>>> > the host key?
>>>
>>> I looked into it — Dropbear uses /dev/urandom, which *may* not be safe
>>> to use immediately after first boot.
>>>
>>> What do you think about implementing the '-R' option, described below?
>>
>> To clarify, I'm also asking what you think about making it the default
>> for the dropbear-service.
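
Added example, not part of the original thread and not Dropbear or Guix code: a guard that a first-boot service could run before generating a host key, to address the concern that /dev/urandom can be read before the kernel pool is seeded. It relies on Linux getrandom(2) with GRND_NONBLOCK, which fails with EAGAIN until the pool is initialized; the function names, retry count and delay are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>
#include <time.h>

enum pool_state { POOL_READY, POOL_NOT_READY, POOL_UNKNOWN };

/* Interpret the result of getrandom(buf, 1, GRND_NONBLOCK). */
enum pool_state classify(ssize_t n, int err)
{
    if (n == 1)
        return POOL_READY;       /* kernel CSPRNG has been seeded */
    if (n < 0 && err == EAGAIN)
        return POOL_NOT_READY;   /* early boot: pool not initialized yet */
    return POOL_UNKNOWN;         /* e.g. ENOSYS on kernels older than 3.17 */
}

/* Ask the kernel for one byte without blocking and classify the outcome. */
enum pool_state probe_pool(void)
{
    unsigned char b;
    ssize_t n = getrandom(&b, 1, GRND_NONBLOCK);
    return classify(n, n < 0 ? errno : 0);
}

/* Poll until the pool is seeded or max_tries probes have been made. */
enum pool_state wait_for_seed(int max_tries, long delay_ms)
{
    struct timespec ts = { delay_ms / 1000, (delay_ms % 1000) * 1000000L };
    enum pool_state s = probe_pool();
    for (int i = 1; i < max_tries && s == POOL_NOT_READY; i++) {
        nanosleep(&ts, NULL);
        s = probe_pool();
    }
    return s;
}

int main(void)
{
    /* Hypothetical policy: wait up to about 5 seconds, then refuse. */
    if (wait_for_seed(50, 100) != POOL_READY) {
        fprintf(stderr, "kernel RNG not confirmed seeded; deferring host key generation\n");
        return 1;
    }
    puts("kernel RNG seeded; host key generation can proceed");
    return 0;
}
```

A non-zero exit lets the calling service postpone key generation; a key generated outside the vm and copied in, as suggested in the reply above, does not depend on the guest's entropy state.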