bugzilla-daemon at mindrot.org
2005-Jan-03 18:51 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968
Summary: OpenSSH 3.8p1 PRNG seed extraction failed error
Product: Portable OpenSSH
Version: 3.8p1
Platform: UltraSparc
OS/Version: SunOS
Status: NEW
Severity: major
Priority: P2
Component: scp
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: stephen.berliner at ngc.com
I get these errors while running a Korn shell script which runs installations
on multiple servers from a single server location. some processes are run in
background such as copying files to the servers. During the copy process at
different times between the 5th and 7th process I get these errors.
PRNG seed extraction failed
ssh-rand-helper child produced insufficient data
I have no clue as to what is going on but this same script worked under the
previous version of ssh that only supported ssh1.
Can anyone please help.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jan-03 18:58 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968 ------- Additional Comments From stephen.berliner at ngc.com 2005-01-04 05:58 ------- Created an attachment (id=757) --> (http://bugzilla.mindrot.org/attachment.cgi?id=757&action=view) deploy korn script that distributes and installs application software on multiple servers. This is the script. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jan-03 18:59 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968 ------- Additional Comments From stephen.berliner at ngc.com 2005-01-04 05:59 ------- Created an attachment (id=758) --> (http://bugzilla.mindrot.org/attachment.cgi?id=758&action=view) sshd_config file sshd_config file ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jan-05 22:45 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968 ------- Additional Comments From dtucker at zip.com.au 2005-01-06 09:45 ------- To figure out what the random helper program is doing (or not doing, as the case may be) try running "ssh-random-helper -vvv" multiple times, checking if it fails sometimes and comparing the output between runs. You'll probably get better results if you install prgnd: http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html If your OpenSSL is relatively modern, it will search the default places for the prngd socket so you won't need to recompile OpenSSH after installing prngd, it will be used automatically. BTW, what version of SunOS are you running? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jan-07 15:14 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968 ------- Additional Comments From stephen.berliner at ngc.com 2005-01-08 02:14 ------- Created an attachment (id=759) --> (http://bugzilla.mindrot.org/attachment.cgi?id=759&action=view) log of ssh-rand-helper -vvv ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jan-07 15:19 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968 ------- Additional Comments From stephen.berliner at ngc.com 2005-01-08 02:19 ------- Darren, Thanks for your response. running "uname -a" produces the following. SunOS NNM2 5.8 Generic_108528-29 sun4u sparc SUNW,Ultra-2 I have run ssh-rand-helper -vvv and supplied a log. I ran this command atleast 25 time and also created a script to run it in background mode and recieved no errors. I am not sure of the openssh imstall was done correctly. I am just a user and the SA's don't seemed to be as bothered as me about this problem. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jan-07 22:39 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968 ------- Additional Comments From djm at mindrot.org 2005-01-08 09:39 ------- Created an attachment (id=760) --> (http://bugzilla.mindrot.org/attachment.cgi?id=760&action=view) Use temporary file for prng_seed I wonder if this is a race condition in prng_seed creation/reading. Please give this patch a try and see if it helps. You might also want to try some stress-tests on ssh-rand-helper. E.g. something like this: for x in 0 1 2 3 4 5 6 7 8 9; do for y in 0 1 2 3 4; do sh -c "ssh-rand-helper -vvv > out.$x.$y 2>&1 || echo $x.$y failed" & done ; done This will run 50 concurrent ssh-rand-helpers, and should report on failures. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jan-10 07:48 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jan-10 08:50 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968 ------- Additional Comments From dtucker at zip.com.au 2005-01-10 19:50 ------- Heh. Don't try that script on a production box, kids (or at least, not in prime time): $ uptime 7:42pm up 19 min(s), 3 users, load average: 54.55, 28.04, 14.86 Anyway, I can reproduce it on Solaris 2.5.1. Here's the tail of a failing log: debug3: Got 0.00 bytes of entropy from 'tail -200 /var/adm/messages' debug1: Seeded RNG with 4 bytes from programs debug1: writing PRNG seed to file /home/dtucker/.ssh/prng_seed PRNG seed extraction failed Will test patch #760 next. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jan-10 09:42 UTC
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968 ------- Additional Comments From dtucker at zip.com.au 2005-01-10 20:42 ------- The patch made no difference for me (although it still seems like a good idea). I took a closer look at the logs and the problem appears to be that all of the commands time out before providing any entropy, eg: debug3: Reading output from 'uptime' debug3: Time elapsed: 1073 msec debug2: Command 'uptime' timed out I don't see what ssh-rand-helper can do about that aside from upping the timeout. Stephen, I suggest you ask your admins to install Sun patch 112438-03 (assuming the box is a SPARC). Installing it by the book requires a reboot, but there are instructions around for loading the module and creating the device nodes by hand. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.