openssh unix dev - Jun 2002 - ssh-keygen hangs with empty prngd.conf - bug ?

Hi,

I use openssh-2.9p2 on an i386 LynxOS system.
Since LynxOS does not have support for /dev/[u]random, I installed openssh
with prngd support.
It so happened by accident on installation that prngd.conf got truncated to
zero size.
With prngd running as such, ssh-keygen just hangs.
I notice similar case with sshd, ssh, ... as all these depend on prngd for
random number.

SMMEstack# /usr/sbin/sshd -d -d -d
debug1: Seeding random number generator

< hang >

The hang because of ssh-keygen is important, because the rc boot scripts
generate ssh host keys if they are not present. Under such cases, (the first
time the system boots), the system boot just hangs on ssh-keygen which
should not happen. Isn't this serious? I expect the applications to print an
error (report random number not available or timeout) and exit.

One other interesting thing to notice is that, prngd consumes extra-ordinary
cpu resource with empty prngd.conf (bug in prngd ???).


 PID USERNAME TID PRI   TEXT  STK   DATA STATE   TIME    CPU COMMAND
  78 root      66  17   132K  28K  56K 	ready   5:32   97.69% prngd

Thanks,
Hari

On Tue, Jun 18, 2002 at 07:21:25PM +0530, Hari wrote:
> I use openssh-2.9p2 on an i386 LynxOS system.
> Since LynxOS does not have support for /dev/[u]random, I installed openssh
> with prngd support.
> It so happened by accident on installation that prngd.conf got truncated to
> zero size.
> With prngd running as such, ssh-keygen just hangs.
> I notice similar case with sshd, ssh, ... as all these depend on prngd for
> random number.
> 
> SMMEstack# /usr/sbin/sshd -d -d -d
> debug1: Seeding random number generator
> 
> < hang >
> 
> The hang because of ssh-keygen is important, because the rc boot scripts
> generate ssh host keys if they are not present. Under such cases, (the
first
> time the system boots), the system boot just hangs on ssh-keygen which
> should not happen. Isn't this serious? I expect the applications to
print an
> error (report random number not available or timeout) and exit.
> 
> One other interesting thing to notice is that, prngd consumes
extra-ordinary
> cpu resource with empty prngd.conf (bug in prngd ???).
> 
> 
>  PID USERNAME TID PRI   TEXT  STK   DATA STATE   TIME    CPU COMMAND
>   78 root      66  17   132K  28K  56K 	ready   5:32   97.69% prngd
Just a shot into the dark:

When starting PRNGD, it reads the configuration of external gatherers.
(The list is empty, but I don't remember having caught this condition.)
After startup, PRNGD will query external gatherers in a tight loop, until
enough entropy was collected. As no external gatherers are defined, it
will stay running in the tight loop...

I'll have to think about how to catch this special condition:
should prngd stop immediatly, if no gatherers were configured?

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus