http://bugzilla.mindrot.org/show_bug.cgi?id=630
Summary: built-in ssh-rand-helper
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: aet at cc.hut.fi
OpenSSH 3.1p1 introduced ssh-rand-helper, a subprocess to gather
randomness for legacy OS's that still don't have /dev/urandom. Sadly
here at HUT/CC as well we have a few mission critical servers that
need ssh-rand-helper, but a static linking instead of external
subprocess with hardcoded exec paths is preferred.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugzilla.mindrot.org/show_bug.cgi?id=630 ------- Additional Comments From aet at cc.hut.fi 2003-08-26 02:59 ------- Created an attachment (id=373) --> (http://bugzilla.mindrot.org/attachment.cgi?id=373&action=view) This patch modifies ssh-rand-helper source, so that you can link randomness code staticly, like OpenSSH 3.0.2p1 used to do as only option. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
http://bugzilla.mindrot.org/show_bug.cgi?id=630
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
------- Additional Comments From djm at mindrot.org 2003-08-26 10:51 -------
Thanks, but we are trying to move the responsability for randomness collection
further away from OpenSSH, rather than closer in. It just doesn't make sense
for
each app to do its own entropy collection.
I'd prefer to deprecate ssh-rand-helper entirely and give all the
responability
to OpenSSL, but that is a matter for another release :)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugzilla.mindrot.org/show_bug.cgi?id=630 ------- Additional Comments From aet at cc.hut.fi 2003-08-26 23:32 ------- Ah, that's good to hear. :) Maybe I'll glue out some issues with prngd in the future and use it with OpenSSL, so that I won't have to maintain ugly patch like this anymore. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 629] sshd_config & PAM backwards compatibility
- [Bug 220] sshd fails to read other users authorized_keys over nfs as root
- [Bug 237] Key authentication failed with SSH 2 / Path wrong
- openssh 5.0p1: Solaris - Failed to allocate internet-domain X11 display socket.
- ssh-rand-helper