Hi,
I'm running openssh 2.1.1p4 on Solaris 7 (sparc). Occasionally, when I
boot up the server, the startup script I wrote to start sshd fails to start
sshd with the following error:
fatal: Not enough entropy in RNG

What am I doing wrong??
Is there anything I can do to prevent this from happening?
Is just restarting sshd a valid thing to do??

Thanks for any thoughts,
David

On Thu, Jul 20, 2000 at 10:12:39AM -0700, dabe_spam at excite.com wrote:
> Hi,
> I'm running openssh 2.1.1p4 on Solaris 7 (sparc). Occasionally, when I
> boot up the server, the startup script I wrote to start sshd fails to start
> sshd with the following error:
> fatal: Not enough entropy in RNG
>
> What am I doing wrong??
> Is there anything I can do to prevent this from happening?
> Is just restarting sshd a valid thing to do??

What kind of entropy source did you select? EGD or the integrated entropy
collector? (If you did not select one, the integrated collector should
be configured)
EGD can be drained and then an upstarting sshd can fail. I have written my
own prngd to come around this problem (early alpha stage :-) on HP-UX.
The integrated entropy collector should better not fail...

Best regards,
	Lutz
--
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153

>On Thu, Jul 20, 2000 at 10:12:39AM -0700, dabe_spam at excite.com wrote:
>> Hi,
>> I'm running openssh 2.1.1p4 on Solaris 7 (sparc). Occasionally, when I
>> boot up the server, the startup script I wrote to start sshd fails to start
>> sshd with the following error:
>> fatal: Not enough entropy in RNG
>>
>> What am I doing wrong??
>> Is there anything I can do to prevent this from happening?
>> Is just restarting sshd a valid thing to do??
>
>What kind of entropy source did you select? EGD or the integrated
>entropy collector? (If you did not select one, the integrated collector
>should be configured)

I did not specifically select an entropy source, so it sounds like I got the
integrated one.

>EGD can be drained and then an upstarting sshd can fail. I have written
>my own prngd to come around this problem (early alpha stage :-) on HP-UX.
>The integrated entropy collector should better not fail...

Well, it looks like I'm just lucky today. Since it looks like the
integrated entropy collector has failed, what are my options? I don't know
much about openssh and openssl, but it looks like maybe I need to change the
configuration in ssh_prng_cmds to give it more stuff to pull from. Do I
have any other options to get the integrated entropy collector to work
reliably??

>Best regards,
>	Lutz
>--

Thanks,
David

On Sat, Jul 22, 2000 at 10:26:59AM +1000, Damien Miller wrote:
> On Fri, 21 Jul 2000, Lutz Jaenicke wrote:
>
> > One hint: it seems that the ssh_prng_cmds file is not updated
> > automatically when performing a "make install", so maybe you have an
> > old one without much entropy sources?
>
> This reminds me: If people can submit commands for your favourite
> platform to be included in ssh_prng_commands, it would be much
> appreciated.

HP-UX 10.20 might use the following additions:
"ls -alni /var/adm/syslog" 0.02
"ls -alni /var/adm/lp" 0.01
"ls -alni /var/tmp" 0.02
"arp -a -n" 0.02 (without -n)
"tail -200 /var/adm/syslog/mail.log" 0.01
"xntpdc -c sysinfo" 0.02 (root access only)

Sure that there is even more :-)
	Lutz
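
The hint in this thread about an outdated ssh_prng_cmds can be checked by auditing how many of its entries actually point at a runnable binary. The script below is an added example, not part of the thread or of OpenSSH; it assumes the installed file's layout of a quoted command, the binary's path (or `undef`), and an entropy estimate, and the sample content and paths are constructed.

```python
import os
import shlex

# Constructed sample in the assumed installed-file layout:
#   "command line"   /path/to/binary-or-undef   estimated-rate
SAMPLE = '''\
# entropy gathering commands (constructed sample)
"ls -alni /var/adm/syslog"            /usr/bin/ls    0.02
"ls -alni /var/tmp"                   /usr/bin/ls    0.02
"arp -a -n"                           /usr/sbin/arp  0.02
"xntpdc -c sysinfo"                   undef          0.02
"tail -200 /var/adm/syslog/mail.log"  /usr/bin/tail  0.01
this line is malformed
'''

def is_executable(path):
    """True when the path is a regular file the current user may execute."""
    return os.path.isfile(path) and os.access(path, os.X_OK)

def audit_prng_cmds(text, exists=is_executable):
    """Sort entries into usable, disabled (undef), missing and malformed."""
    report = {"usable": [], "disabled": [], "missing": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # shlex keeps the quoted command line together as one field
            cmd, path, rate = shlex.split(line)
            rate = float(rate)
        except ValueError:
            report["malformed"].append(lineno)
            continue
        if path == "undef":
            report["disabled"].append(cmd)       # source switched off
        elif exists(path):
            report["usable"].append((cmd, rate))
        else:
            report["missing"].append(cmd)        # binary not at that path
    return report

if __name__ == "__main__":
    result = audit_prng_cmds(SAMPLE)
    print("usable sources: %d" % len(result["usable"]))
    for key in ("disabled", "missing", "malformed"):
        print("%s: %s" % (key, result[key]))
```

A file where most entries land in "disabled" or "missing" leaves the integrated collector with few sources to draw from at boot.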