dnssec-keygen -a RSASHA1 -b 1024 -n ZONE domainThis was the result, for a while
Generating key pair.It seemed to hang there. The problem turns out to be a lack of entropy, which can be checked with this:
cat /proc/sys/kernel/random/entropy_availIt turns out that this is not good enough to generate a key, so the standard advice is to try to compile a kernel or generate some I/O work. Compiling a kernel was really not an option, so I tried to generate some I/O work but to no avail. After a googling for a bit I came across the rng daemon, which will generate a bit of entropy for you.
73
rngd -r /dev/urandom -o /dev/random -bNow entropy in the system is:
cat /proc/sys/kernel/random/entropy_availWhich is enough to generate the key. Note that /dev/urandom is not truly random, as it will use SHA1 to generate random data when the entropy pool has been depleted, see this for a better explanation. However, this is good enough for my test system.
3968
You need to install rng-tools in RHEL6 to use the rng daemon, note that it is no longer rng-utils.
where i get installed the RNG'TOOLS??
ReplyDeletethanks
BADBOY
The package is called rng-tools (rng-tools-2-8.el6.x86_64) and is in the installation DVD.
DeletePlease note that you might see this error when starting rngd:
ReplyDeleteStarting rngd: can't open entropy source(tpm or intel/amd rng)
Maybe RNG device modules are not loaded
If that happens, edit /etc/sysconfig/rngd and add the following:
# Add extra options here
EXTRAOPTIONS="-r /dev/urandom"