I'd like to install openssh across an Irix cluster where I work, but its dependency on an "entropy pool" like /dev/urandom is making this problematic -- especially because EGD has issues with Irix that make it largely unusable.

Obviously, the original ssh relied on its own random number generator. While this may not have provided the same degree of randomness that is provided by the openssh implementation, it had the advantage of being completely self contained.

Is there any reason why this can't be added to openssh as an option? Something like --enable-cheap-random-numbers-with-lower-security, or something like that. This would provide at least the same level of security as ssh 1.2.27 (and would actually work, whereas at the moment I've got sshd turned off because of the EGD problems).

Any thoughts? I don't have much crypto programming experience, so I've implemented a cheap hack using random/initstate and friends which seems to work, but I'd prefer to see a more "official" solution.

Incidentally, the configure script asks for reports on Irix 6.x experience. Once the random number problem is out of the way, openssh appears to work just fine.

Thanks,

-- Lars

--
Lars Kellogg-Stedman <lars at larsshack.org> --> http://www.larsshack.org/

On Fri, 21 Apr 2000, Lars Kellogg-Stedman wrote:

> I'd like to install openssh across an Irix cluster where I work,
> but its dependency on an "entropy pool" like /dev/urandom is making
> this problematic -- especially because EGD has issues with Irix that
> make it largely unusable.
>
> Obviously, the original ssh relied on its own random number
> generator. While this may not have provided the same degree of
> randomness that is provided by the openssh implementation, it had
> the advantage of being completely self contained.

You might want to try the test release at:

http://violet.ibs.com.au/openssh/files/test

It has the beginnings of self-contained random collection. Please report the output of "ssh -v somehost".

Suggestions for more commands (see the table in entropy.c) to collect randomness would be greatly appreciated.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

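
The command-based collection mentioned in the reply above, as an added illustration (not code from OpenSSH's entropy.c or from anyone in this thread): a Python sketch that hashes the output of several system commands into a seed and reports it ready only once a conservative entropy estimate is met. The command list, the per-byte rates, the 128-bit threshold and the function names are all assumptions.

```python
import hashlib
import subprocess

# Constructed command table: (argv, credited bits per output byte).
# Commands and rates are assumptions for illustration, not OpenSSH's table.
COMMANDS = [
    (["ps", "-e"], 0.05),
    (["netstat", "-an"], 0.05),
    (["uptime"], 0.02),
    (["no-such-command"], 0.05),  # missing on purpose: exercises the failure path
]


def run_source(argv, timeout=5):
    """Return the command's stdout, or b"" if it is missing, fails or hangs."""
    try:
        proc = subprocess.run(argv, stdout=subprocess.PIPE,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return b""
    return proc.stdout if proc.returncode == 0 else b""


def collect(commands, min_bits=128):
    """Hash every command's output into one pool.

    Returns (seed, credited_bits, ready, report). A source that produced
    nothing is credited nothing, and ready is False below min_bits.
    """
    pool = hashlib.sha256()
    credited = 0.0
    report = []
    for argv, rate in commands:
        out = run_source(argv)
        # Length-prefix each output so adjacent outputs cannot be confused.
        pool.update(len(out).to_bytes(8, "big") + out)
        bits = len(out) * rate
        credited += bits
        report.append((argv[0], len(out), bits))
    return pool.digest(), credited, credited >= min_bits, report


if __name__ == "__main__":
    seed, credited, ready, report = collect(COMMANDS)
    for name, nbytes, bits in report:
        print(f"{name:16} {nbytes:6d} bytes  ~{bits:.1f} bits credited")
    print(f"total ~{credited:.1f} bits, ready to seed: {ready}")
```

A command whose output never changes hashes to the same seed on every run, which is why the per-byte credit has to be conservative and why a failed command must add nothing to the estimate.
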
Hey guys :-)

I'm trying to set up Openssh 1.2.3 on the IRIX 6.5.6. I wasn't successful so far :-(

I've compiled latest openssl (the one that is on the same ftp site as openssh), and it goes to /usr/local/ssl, but then openssh's ./configure fails with the "Could not find working SSLeay / OpenSSL libraries, please install".

So I do ./configure --with-ssl-dir=/usr/local/ssl/lib/ - doesn't, then the same with /usr/local/ssl/include, /usr/local/ssl ---- still the same result.

Which compiler should I use? I've tried to compile openssl with mips-cc, with gcc 2.81, still the same error.

Am I doing smth really stupid and wrong, but can't get it 'cuz it's Friday? ;-)

Any tips or suggestions are greatly appreciated.

Thanx a lot for your reply :-)