It appears you are doing this through jumpstart, as indicated in the
initial reply. The rc script is an easy option. Another option would be
to create a symlink from your boot image install directory to the /a
directory.

For example, we store our openssh-related files in /usr/local/openssh.
Therefore, we can do a symlink from
'JUMPBASE'/Solaris_8/Tools/Boot/usr/local/openssh to
../../a/usr/local/openssh

When ssh-keygen looks for ssh_rand_helper in /usr/local/openssh/libexec
during jump install, it finds it.

Regards,
Liston
--------
It sounds to me like your problem is only occurring while performing ssh
functions under a /a mount (I'm assuming off of a cdrom or net boot,
possibly during jumpstart)?

If so, I suspect that portions of ssh are compiled to look for fully
qualified paths that would exist if they were under /a, but don't exist
directly under /

The easiest solution may just be to install a runonce type script in
/etc/rc3.d that generates the keys (if not present) and then deletes
itself.
Alternatively, you may try compiling it from scratch. I know that recent
versions have a pkgproto, although we roll our own, so I'm not sure how
well it handles the alternate mount point issue. It might also require
some sort of trickery with compile time flags to switch from fully
qualified paths to relative paths. As a last resort, you could come up
with some link trickery. For example, you could compile ssh to be
installed in /a/usr/local/openssh and then on your production server,
create a /a link to /
-----Original Message-----
From: Kim & Kyle Bedell [mailto:2beds at rogers.com]
Sent: Wednesday, April 24, 2002 11:11 PM
To: openssh-unix-dev at mindrot.org
Subject: ssh-rand-helper probs
Hi all

Am I doing this right? Is this the right list to post to? If not, a
quick lesson in etiquette for me would not hurt. As I am both just
starting to use newsgroups and SSH, I am not entirely familiar with the
processes. I have a question about ssh-rand-helper. First an outline: I
am currently using the SSH packages for Solaris 2.8 available at
sunfreeware.com. The environment is Solaris 8 (2.8) on sun4u platforms
(ultras). At work, I have constructed a boot and installation server, an
Ultra 450 that amongst other things, installs, configures SSH and
auto-generates SSH keys as part of the client build. No problems there,
it works quite nicely so that when the client finishes building, it can
be immediately deployed. At home however, I practice and experiment a
lot. I use an SS20 with 224MB of RAM as a boot server but I get a
different set of errors depending on what I do:

The first time I tried this type of installation of SSH at home however I
got an error that read:

"ld.so.1: /a/usr/local/bin/ssh-keygen: fatal: libz.so: open failed: No such file or directory. Killed"

So........just feed it some env parameters ....like LD_LIBRARY_PATH...
right? nope

tried that and got this:

"(rand child) Couldn't exec '/usr/local/libexec/ssh-rannd-helper': No such file or directory
ssh-rand-helper child produced insufficient data"

This sounds like: 1. It really can't find the specified path/filename but
then how did the second part occur, that being: "ssh-rand-helper child
produced insufficient data"? It also sounds like prngd is not doing its
job but I have sat in on the build and watched it start up in a cmd tool
window while the client builds.

This only happens when I use a script (!) and again, it only happens here
at home on this sparc20. (Did I say that already?) :) After the client
finishes building, I can manually generate keys using the ssh-keygen
utility without incident.

The relevant excerpt from the customization script that I use is here:
-------------text snipped----------------
LD_LIBRARY_PATH=/a/usr/local/lib:/usr/local/lib:/usr/lib
export LD_LIBRARY_PATH
echo "##########################################"
echo "# #"
echo "# Installing and configuring #"
echo "# samba and SSH (Secure Shell) #"
echo "# #"
echo "##########################################"
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/vnc/vnc-3.3.3r2-sol8-sparc-local all
mkdir -p /a/usr/local/samba
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/samba/samba-2.2.2-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/zlib-1.1.4-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/perl-5.6.1-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/egd-0.8-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/prngd-0.9.23-sol8-sparc-local all
#pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/tcp_wrappers_7.6-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/openssl-0.9.6c-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/openssh-3.1p1-sol8-sparc-local all
sleep 3
cat /a/var/sadm/system/logs/sysidtool.log >/a/usr/local/etc/prngd-seed
echo "##########################################"
echo "# #"
echo "# (SSH) Creating seed file #"
echo "# #"
echo "##########################################"
sleep 2
cp ${SU_CONFIG_DIR}/packages/sshpkgs/prngd /a/etc/init.d/.
cp ${SU_CONFIG_DIR}/packages/sshpkgs/sshd /a/etc/init.d/.
chown root:sys /a/etc/init.d/prngd
chown root:sys /a/etc/init.d/sshd
chmod 544 /a/etc/init.d/prngd
chmod 544 /a/etc/init.d/sshd
ln -s /etc/init.d/sshd /a/etc/rc2.d/S98sshd
ln -s /etc/init.d/prngd /a/etc/rc2.d/S98prngd
cp ${SU_CONFIG_DIR}/packages/sshpkgs/hosts.allow /a/etc/.
cp ${SU_CONFIG_DIR}/packages/sshpkgs/hosts.deny /a/etc/.
cd /var
mkdir -p spool/prngd
/a/usr/local/bin/prngd /var/spool/prngd/pool
sleep 3
echo "###################################"
echo "Attempting to create socket: "pool""
echo "###################################"
sleep 3
/a/usr/local/bin/ssh-keygen -t rsa1 -f /a/usr/local/etc/ssh_host_key -N ""
/a/usr/local/bin/ssh-keygen -t dsa -f /a/usr/local/etc/ssh_host_dsa_key -N ""
/a/usr/local/bin/ssh-keygen -t rsa -f /a/usr/local/etc/ssh_host_rsa_key -N ""
echo "##########################################"
--------------text snipped---------------
Any ideas? All advice appreciated and I thank you in advance
Kyle
_______________________________________________
openssh-unix-dev at mindrot.org mailing list
mindrot.org/mailman/listinfo/openssh-unix-dev
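
[Added example, not part of any message in this thread and not OpenSSH project code.] A sketch of the run-once rc script suggested in the reply above: on first boot from the installed disk, where /usr/local resolves normally, it generates any missing host keys and deletes itself only when all of them exist. The install name S99sshkeygen and the KEYGEN, ETC_DIR and SELF overrides are assumptions; key types and file names are the ones in the quoted script.

```shell
#!/bin/sh
# Added example: run-once host key generation at first boot.
# Hypothetical install name: /etc/rc3.d/S99sshkeygen (rc3 runs after the
# rc2.d scripts, so the S98prngd link made by the quoted script has run).
# KEYGEN, ETC_DIR and SELF are assumed overrides for testing off-box.

KEYGEN=${KEYGEN:-/usr/local/bin/ssh-keygen}
ETC_DIR=${ETC_DIR:-/usr/local/etc}
SELF=${SELF:-$0}

# gen_key TYPE FILE: create FILE only if it is missing or empty.
gen_key() {
    [ -s "$2" ] && return 0
    rm -f "$2" "$2.pub"            # clear partial output from a failed run
    "$KEYGEN" -t "$1" -f "$2" -N "" || return 1
    [ -s "$2" ] || return 1        # keygen exited 0 but wrote nothing
    chmod 600 "$2"
}

# run_once: generate the three host keys; remove this script only if all exist.
run_once() {
    umask 077                      # private keys must not be group/world readable
    failed=0
    gen_key rsa1 "$ETC_DIR/ssh_host_key"     || failed=1
    gen_key dsa  "$ETC_DIR/ssh_host_dsa_key" || failed=1
    gen_key rsa  "$ETC_DIR/ssh_host_rsa_key" || failed=1
    if [ "$failed" -eq 0 ]; then
        rm -f "$SELF"              # success: never run again
        return 0
    fi
    echo "sshkeygen: host key generation failed, will retry next boot" >&2
    return 1
}

# rc scripts are invoked with "start" at boot; do nothing otherwise.
case "${1:-}" in
    start) run_once ;;
esac
```

Because the script stays in place after a failure (for example, if the entropy source is not yet available), the next boot retries instead of leaving the host without keys.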