Darren Tucker
2004-Dec-18  23:50 UTC
Make ssh-rand-helper fall back to commands when configured with prngd
Hi.
	I recently snookered myself: I build OpenSSH on an old box that didn't 
have /dev/random, but happened to be running prngd at the time for other 
reasons.  Because I wanted to use commands, I configured 
--with-rand-helper, however configure found the prngd socket and built 
ssh-rand-helper to use it exclusively.
	Next reboot: no prngd, no random seed, no sshd.  Do not log in, do not 
pass "Go", do not collect $200.
	Can anyone see any reason why we shouldn't allow ssh-rand-helper to 
fall back to commands if egd/prngd is not available?  This is what 
happens if both PRNGD_PORT and PRNGD_SOCKET are defined:
$ ./ssh-rand-helper -v
debug1: Seeded RNG with 1 bytes from system calls
debug1: trying egd/prngd port 3333
Couldn't connect to PRNGD port 3333: Connection refused
debug1: trying egd/prngd socket /var/run/egd-pool
Couldn't connect to PRNGD socket "/var/run/egd-pool": Connection
refused
debug1: Loaded 52 entropy commands from /usr/local/etc/ssh_prng_cmds
debug1: Seeded RNG with 373 bytes from programs
629[...]b2
-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-rand-helper.patch
Url:
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041219/00227f78/attachment.ksh
