I upgraded from OpenSSH_3.0.2p1 to OpenSSH 3.4p1. Starting SSHD or ssh-keygen I'm getting the "PRNG is not seeded".

I have verified that prngd is running and "egc.pl /var/spool/prngd/pool get" runs just fine reporting 32800 bits of entropy.

My platform is Solaris 8 (sparc) and I downloaded binaries from www.sunfreeware.com.

My guess is the build of OpenSSH 3.4.p1 is looking for prngd in a different location than my configuration. Does anyone have any suggestions as to how I can debug this?

David Marshall

David Marshall wrote:
> My platform is Solaris 8 (sparc) and I downloaded binaries from
> www.sunfreeware.com.

My guess is you don't have the Solaris 8 /dev/random patch. Did you read http://www.sunfreeware.com/openssh8.html and install patch 112438-01?

--
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

On Tue, 23 Jul 2002, David Marshall wrote:
> I upgraded from OpenSSH_3.0.2p1 to OpenSSH 3.4p1. Starting SSHD or
> ssh-keygen I'm getting the "PRNG is not seeded".
>
> I have verified that prngd is running and "egc.pl /var/spool/prngd/pool get"
> runs just fine reporting 32800 bits of entropy.

This probably has something to do with it.

    20020720
     - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng().

Try a current snapshot.

>
> My platform is Solaris 8 (sparc) and I downloaded binaries from
> www.sunfreeware.com.

As Darren said in another reply, you may want to get the /dev/random patch.

--
Tim Rice                        Multitalents    (707) 887-1469
tim at multitalents.net

On Tue, Jul 23, 2002 at 07:42:59PM -0700, David Marshall wrote:
> I upgraded from OpenSSH_3.0.2p1 to OpenSSH 3.4p1. Starting SSHD or
> ssh-keygen I'm getting the "PRNG is not seeded".
>
> I have verified that prngd is running and "egc.pl /var/spool/prngd/pool get"
> runs just fine reporting 32800 bits of entropy.

Did you configure with "--with-prngd-socket=/var/spool/prngd/pool", such that OpenSSH picks up the socket? As /var/spool/prngd/pool is not one of the recommended standard locations (recommendations from OpenSSL for support in 0.9.7), it might not be picked up automatically.

Best regards,
	Lutz
--
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
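
Added example, not part of the thread and not OpenSSH or PRNGD code: a small probe that shows which EGD/PRNGD socket paths actually answer on a host, so a mismatch between the daemon's socket and the path a binary was built to use becomes visible. It assumes the EGD protocol's "get entropy level" command (byte 0x00, answered with a 4-byte big-endian bit count) and OpenSSL's default EGD path list; the last candidate is the path from the original post.

```python
import os
import socket
import struct

# OpenSSL's default EGD/PRNGD socket paths (assumed from its DEVRANDOM_EGD
# list), followed by the non-standard path used in the thread.
CANDIDATES = [
    "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy",
    "/var/spool/prngd/pool",
]

def _recv_exact(sock, n):
    """Read exactly n bytes or fail if the daemon hangs up first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("daemon closed the connection early")
        buf += chunk
    return buf

def egd_entropy_bits(path, timeout=2.0):
    """Send EGD command 0x00 and return the reported entropy in bits."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(b"\x00")
        return struct.unpack(">I", _recv_exact(s, 4))[0]

def probe(paths=CANDIDATES):
    """Return {path: bit count, "missing", or "error: ..."} per candidate."""
    report = {}
    for path in paths:
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        try:
            report[path] = egd_entropy_bits(path)
        except OSError as exc:  # stale socket file, permissions, timeout
            report[path] = f"error: {exc}"
    return report

if __name__ == "__main__":
    for path, result in probe().items():
        print(f"{path:28} {result}")
    for dev in ("/dev/random", "/dev/urandom"):
        print(f"{dev:28} {'present' if os.path.exists(dev) else 'missing'}")
```

A path that reports a bit count while every default path is "missing" points at the build-time socket setting; a missing /dev/random on Solaris 8 points at the patch mentioned in the replies.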