A handful of misc questions … random seeds / pfsense tunes / root shell ...



  • Three misc. questions …

    First, how can I bang away at my keyboard to create my own ssh random seed when I first enable sshd from the pfsense shell menu ?  If I choose to "enable ssh" it just does it ... and I never get a chance to bang in a screen full of keyboard input to seed the RNG ... is there a way to do that ?

    Second, can I turn off the pfsense startup and shutdown songs ?

    Third, I am used to the root shell in FreeBSD being csh, and would like to use that - is it safe for me to simply use vipw and change the root shell to /bin/csh ?

    Thank you.



  • @apfusertoo:

    Third, I am used to the root shell in FreeBSD being csh, and would like to use that - is it safe for me to simply use vipw and change the root shell to /bin/csh ?

    I just changed the shell that gets executed for option 8 on the menu. Changed to (had to install first) Bash and it works fine…



  • Yes, but I ssh directly to the device … so I'd like to change the shell for real ... I just want to make sure that is safe ?

    They are both in /bin, so it should be, right ?  Not like changing root shell from /bin/sh to /usr/local/bin/zsh or whatever and then you can't run root shell from unmounted /usr partition, right ?


  • Rebel Alliance Developer Netgate

    For the SSH key - See http://www.freebsd.org/cgi/man.cgi?query=ssh-keygen&apropos=0&sektion=0&manpath=FreeBSD+8.3-RELEASE&arch=default&format=html - You can make your own host keys that way.

    For the beeps, on 2.1 you can disable them - System > Advanced, Notifications tab - there is a checkbox to disable the beeps

    You can change the shell but you'll also probably want to edit /etc/rc.initial to change the shell that gets run for option 8, as others have mentioned.



  • @rjcrowder:

    @apfusertoo:

    Third, I am used to the root shell in FreeBSD being csh, and would like to use that - is it safe for me to simply use vipw and change the root shell to /bin/csh ?

    I just changed the shell that gets executed for option 8 on the menu. Changed to (had to install first) Bash and it works fine…

    Ack … ok, this does work - it appears NOT to work, since .tcshrc will get executed no matter what, as long as it is there.

    So, if you want to change frmo tcsh to csh, you need to alter rc.initial and you need to remove your existing /root/.tcshrc file before your actual .cshrc file will get sourced...

    Thanks :)



  • Hmmm… Not sure - seems to work fine for me with /bin/bash. Also changed rc.inital to run under bash (#!/bin/bash on first line).



  • @jimp:

    For the SSH key - See http://www.freebsd.org/cgi/man.cgi?query=ssh-keygen&apropos=0&sektion=0&manpath=FreeBSD+8.3-RELEASE&arch=default&format=html - You can make your own host keys that way.

    I found it easier to just:

    killall sshd ; rm -rf /etc/ssh/ssh_host* ; sysctl -w kern.random.sys.seeded=0

    then create a /etc/rc.conf file with sshd_enable="yes" in it

    then /etc/rc.d/sshd start

    (type a screen full of garbage)

    then … delete the unnecessary /etc/rc.conf.

    :)



  • @apfusertoo:

    @rjcrowder:

    @apfusertoo:

    Third, I am used to the root shell in FreeBSD being csh, and would like to use that - is it safe for me to simply use vipw and change the root shell to /bin/csh ?

    I just changed the shell that gets executed for option 8 on the menu. Changed to (had to install first) Bash and it works fine…

    Ack … ok, this does work - it appears NOT to work, since .tcshrc will get executed no matter what, as long as it is there.

    So, if you want to change frmo tcsh to csh, you need to alter rc.initial and you need to remove your existing /root/.tcshrc file before your actual .cshrc file will get sourced...

    Thanks :)

    Ugh.  So that worked just fine … until I rebooted.  Now /etc/passwd file is back to /bin/sh for root, and the .tcshrc file was recreated for me.  The changes to rc.initial stuck, but I still don't get a csh shell because .tcshrc is recreated...

    How can I keep pfsense from recreating it ?  Other than maybe creating an empty file and chflagging it schg ??


Log in to reply