On Solaris, and presumably other architectures that don't have /dev/random, there's a problem with a portion of OpenSSL that is used by OpenSSH.

The cause is line 390 in md_rand.c, which, as far as I can tell, in effect causes everything up the line to kak if not enough entropy has been gathered. Which is fine, except that it only seems to know about /dev/random as a source of entropy. There seems to be egd support in openssl, but I haven't a clue how to make it work with the RAND_METHOD stuff. The simplest fix is to replace that line with 'ok = 1;', but that's not exactly a good solution.

The resulting error in OpenSSH is

ssh: no RSA support in libssl and libcrypto. See ssl(8).

Note that I have no idea what a good solution to this would be, and I'm sure this isn't even the best place to post this problem. However, if someone does figure it out, please drop me a line. I don't read the list.

-Robin

On Fri, 10 Mar 2000, Robin Lee Powell wrote:

> The resulting error in OpenSSH is
>
> ssh: no RSA support in libssl and libcrypto. See ssl(8).

Fixed in 1.2.2p1. Unfortunately there is a dumb configure bug in 1.2.2p1.

You can work around it by doing:

LDFLAGS="-L/path/to/openssl/lib" CFLAGS="-I/path/to/openssl/include" ./configure

1.2.3 will be out soon which fixes this.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

Damien said:

>On Fri, 10 Mar 2000, Robin Lee Powell wrote:
>
>> The resulting error in OpenSSH is
>>
>> ssh: no RSA support in libssl and libcrypto. See ssl(8).
>
>Fixed in 1.2.2p1. Unfortunately there is a dumb configure bug in
>1.2.2p1.
>
>You can work around it by doing:
>
>LDFLAGS="-L/path/to/openssl/lib" CFLAGS="-I/path/to/openssl/include"
>./configure
>
>1.2.3 will be out soon which fixes this.

Woohoo! Thanks man!

-Robin