Patrick,

I haven't actually used OpenSSH with EGD, but I've been using EGD for some research and have had 0.7 running on Solaris. The only thing I can recommend is to run the client program:

# eg/egc.pl /etc/entropy get
and
# eg/egc.pl /etc/entropy readb 256

The first tells you how much entropy EGD has collected and the second does a blocking read (equivalent to the statement in random.c). You can also run egd with --debug-client and it will display info on the requests it gets, so it will tell you when you run 'make host-key' if there is enough entropy for your request.

If the readb command returns data, then I would assume the problem is somewhere in OpenSSH. If it doesn't return data, then EGD is not collecting any entropy from the system commands. At that point, you can do a --debug-gather in egd.pl and it will display when the system commands return and with how much entropy.

I don't believe 'make test' does much except test the SHA installation.

hope this helps,
brian

On Sat, Apr 29, 2000 at 08:17:59PM -0400, Patrick Gardella wrote:
> I'm having a bit of trouble generating a host key on an x86 Solaris 8
> system.
> I've gotten the following built and installed:
> egd-0.7
> openssl-0.9.5a
> openssh-1.2.3
>
> My perl version is 5.005_03.
>
> egd is running, and tests fine with the egd "make test" and with:
> #./egd.pl /etc/entropy get
> 22 sources found
> forking into background...
> server starting
>
> But when I go to "make host-key", it just sits there. Tracking it down,
> the place it stops is in random.c (line 99):
>
>     c = atomicio(write, random_pool, egd_message,
>         sizeof(egd_message));
>     if (c == -1)
>         fatal("Couldn't write to EGD socket \"%s\": %s",
>             RANDOM_POOL, strerror(errno));
>
>     c = atomicio(read, random_pool, buf, len); <--------- HERE
>
> It's this last line it never completes (line 99)
>
> I noticed from the list archives that egd-0.7 is fairly new. There was
> some talk on 4/20 about a similar problem ( John Weaver & Brian
> Carrier), but I don't see any conclusion.
>
> Any thoughts?
>
> Patrick
> ----------
> Patrick Gardella         patrick at whetstonelogic.com
> VP-Technology            patrick at freebsd.org
> Whetstone Logic, Inc.    This space intentionally left blank.
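Added example, not part of the thread and not code from OpenSSH or EGD: a C probe that issues the entropy-level query and a non-blocking variant of the read discussed above, each with a poll() timeout, so an empty pool shows up as a zero-byte reply or a timeout instead of a hang like the blocking read in random.c. It assumes fd is already connected to the EGD socket and uses the EGD wire commands 0x00 (entropy level) and 0x01 (non-blocking read); the function names and EGD_TIMEOUT are invented for this example.

```c
#include <poll.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

#define EGD_TIMEOUT (-2)   /* daemon stayed silent: the "just sits there" case */

/* Read exactly len bytes, giving up after timeout_ms without data. */
static int read_full(int fd, unsigned char *buf, size_t len, int timeout_ms)
{
    size_t got = 0;
    while (got < len) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, timeout_ms);
        if (r == 0) return EGD_TIMEOUT;
        if (r < 0) return -1;
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) return -1;              /* error, or daemon closed the socket */
        got += (size_t)n;
    }
    return 0;
}

/* EGD command 0x00: entropy level in bits (4-byte big-endian reply). */
long egd_entropy_bits(int fd, int timeout_ms)
{
    unsigned char cmd = 0x00, r[4];
    if (write(fd, &cmd, 1) != 1) return -1;
    int rc = read_full(fd, r, sizeof r, timeout_ms);
    if (rc != 0) return rc;
    return (long)(((uint32_t)r[0] << 24) | ((uint32_t)r[1] << 16) |
                  ((uint32_t)r[2] << 8) | (uint32_t)r[3]);
}

/* EGD command 0x01: non-blocking read. Returns the byte count the daemon
 * supplied (0..want); 0 means the pool had nothing to give. */
int egd_read_nonblocking(int fd, unsigned char *out, unsigned char want,
                         int timeout_ms)
{
    unsigned char req[2] = { 0x01, want }, n;
    if (write(fd, req, sizeof req) != 2) return -1;
    int rc = read_full(fd, &n, 1, timeout_ms);
    if (rc != 0) return rc;
    if (n > want) return -1;                /* malformed reply */
    if (n > 0 && (rc = read_full(fd, out, n, timeout_ms)) != 0) return rc;
    return n;
}
```

A return of 0 from egd_read_nonblocking or EGD_TIMEOUT from either call points at the daemon's gathering side rather than at the client.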
I'm having a bit of trouble generating a host key on an x86 Solaris 8 system.
I've gotten the following built and installed:
egd-0.7
openssl-0.9.5a
openssh-1.2.3

My perl version is 5.005_03.

egd is running, and tests fine with the egd "make test" and with:
#./egd.pl /etc/entropy get
22 sources found
forking into background...
server starting

But when I go to "make host-key", it just sits there. Tracking it down, the place it stops is in random.c (line 99):

    c = atomicio(write, random_pool, egd_message,
        sizeof(egd_message));
    if (c == -1)
        fatal("Couldn't write to EGD socket \"%s\": %s",
            RANDOM_POOL, strerror(errno));

    c = atomicio(read, random_pool, buf, len); <--------- HERE

It's this last line it never completes (line 99)

I noticed from the list archives that egd-0.7 is fairly new. There was some talk on 4/20 about a similar problem ( John Weaver & Brian Carrier), but I don't see any conclusion.

Any thoughts?

Patrick
----------
Patrick Gardella         patrick at whetstonelogic.com
VP-Technology            patrick at freebsd.org
Whetstone Logic, Inc.    This space intentionally left blank.
The patched version below does indeed work for what I've tried so far.

The only thing I would suggest adding to the documentation for egd is a slightly modified copy of your text for GPG. I'll send it to you in another message.

Patrick

Brian Warner wrote:
>
> > Based on what you sent me, the problem is with egd, and not with
> > OpenSSH, as suspected.
>
> Yup. There's a bug in select() handling in egd-0.7 that is exposed on recent
> versions of Solaris (and possibly Irix). The symptom is the "ran out of
> sources" message. (in short, select()ing for readability and exception-ability
> will sometimes return both when an fd is at EOF, so you must try reading first
> before believing the exception).
>
> I've got a patched version of egd.pl up for test at
> <ftp://ftp.lothar.com/linux/egd.pl.1.46> that all are welcome to try. Feedback
> is most welcome. I'm especially interested in hearing about whether clients
> who terminate early (killed mid-transaction) cause the daemon to get confused,
> since that feels like the most likely bug that could result from shuffling
> those two blocks of code.
>
> BTW, if there is any openssh-specific documentation you'd like me to put into
> the egd docs, just let me know. Something like "How to use EGD with OpenSSH"
> to complement the GPG section. (I guess I should talk to the OpenSSL folks
> about the same thing..)
>
> > Brian Carrier wrote:
> > >
> > > I don't believe 'make test' does much except test the SHA installation.
>
> The 0.6 'make test' did only that. The test.pl in 0.7 actually starts the
> daemon and does a few quick client commands to make sure it basically works. If it
> isn't doing that when you do 'make test', let me know.
>
> cheers,
>  -Brian (warner)

--
Patrick
----------
Patrick Gardella         patrick at whetstonelogic.com
VP-Technology            patrick at freebsd.org
Whetstone Logic, Inc.    This space intentionally left blank.
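Added example, not the egd.pl patch and not code from this thread: the read-before-exception ordering Brian Warner describes, shown in C on a pipe. The names drain_source and demo_drain are invented here, and the pipe contents are constructed to stand in for a gatherer command's output.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/select.h>
#include <unistd.h>

/* Drain fd until EOF. Returns total bytes read, or -1 on a real error.
 * Readability is handled before the exception set: at EOF some systems
 * flag both, and data still buffered must not be thrown away. */
long drain_source(int fd, char *out, size_t cap)
{
    size_t total = 0;

    for (;;) {
        fd_set rfds, efds;
        FD_ZERO(&rfds); FD_ZERO(&efds);
        FD_SET(fd, &rfds); FD_SET(fd, &efds);

        if (select(fd + 1, &rfds, NULL, &efds, NULL) < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (FD_ISSET(fd, &rfds)) {
            if (total == cap) return (long)total;      /* caller's buffer is full */
            ssize_t n = read(fd, out + total, cap - total);
            if (n > 0) { total += (size_t)n; continue; }
            if (n == 0) return (long)total;            /* clean EOF, not a failure */
            if (errno == EINTR || errno == EAGAIN) continue;
            return -1;
        }
        if (FD_ISSET(fd, &efds))
            return -1;          /* exception with nothing readable: believe it */
    }
}

/* Constructed stand-in for a source command: writes output, then exits (EOF). */
long demo_drain(void)
{
    int p[2];
    char buf[64];
    if (pipe(p) < 0) return -1;
    if (write(p[1], "22 sources", 10) != 10) return -1;
    close(p[1]);                /* writer gone: reader sees data, then EOF */
    long n = drain_source(p[0], buf, sizeof buf);
    close(p[0]);
    return n;
}
```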