I feel very silly asking this, because I saw the answer to this question one time and can't remember what it was. OpenSSH uses /dev/urandom or /dev/random which Solaris does not have (verified with a call to the Sun software folks). How do I make OpenSSH happy with a Solaris substitute for /etc/urandom? Thanks Tim Nibbe Supervisor of System Administration Sprint IP Dial Support Services
Tim- You need to use the Entropy Gathering Daemon (EGD) developed by Brian Werner. The EGD collects entropy from various OS/Solaris facilities, creating an entropy pool for random number generation. Read the readme included with the distribution of OpenSSH and visit http://www.lothar.com/tech/crypto/ for the EGD source and documentation. Mahalo, Ryan RYAN J. HUNTER Senior UNIX Systems Administrator Stockwalk.com Group, Inc. -- Information Architecture email: rhunter at stockwalkgroup.com ph: 612-542-3538 -----Original Message----- From: tnibbe [mailto:tnibbe at sprint.net] Sent: Tuesday, March 28, 2000 2:16 PM To: openssh-unix-dev at mindrot.org Subject: /etc/urandom and Solaris I feel very silly asking this, because I saw the answer to this question one time and can't remember what it was. OpenSSH uses /dev/urandom or /dev/random which Solaris does not have (verified with a call to the Sun software folks). How do I make OpenSSH happy with a Solaris substitute for /etc/urandom? Thanks Tim Nibbe Supervisor of System Administration Sprint IP Dial Support Services -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20000328/ea21a632/attachment.html
This probably should have made it into some of the OpenSSH doco by now (*hint*) Sun *does* have a /dev/random, and it works with OpenSSH It's not bundled, it's part of the package SUNWski. You can find SUNWski on Sunsolve if you go scanning through the patch reports. Carl
> Carl Brewer wrote: > > > > Sun *does* have a /dev/random, and it works with OpenSSH > > > > It's not bundled, it's part of the package SUNWski. > > > > You can find SUNWski on Sunsolve if you go scanning through the > > patch reports. > > Hmmm... There are both international and domestic versions of the > Sun Web Server patch that contains SUNWski. One can only download > the international version with no crypto. Will the international > version have a functioning /dev/random, or will I have to get the > folks at 1-800-USA4SUN to send me a tape?I don't know the story wrt the versions, but the one that I have I got from SunSolve by searchign for /dev/random in the patch reports, and finding SUNWski, and then downloading the patch, pulling out the package and applying it. It works on Solaris 2.6, 7 and 8ea (personal experience). Carl