bugzilla-daemon at mindrot.org
2002-Nov-30 17:35 UTC
[Bug 449] New: ssh_prng_cmds has malformed arp command
http://bugzilla.mindrot.org/show_bug.cgi?id=449
Summary: ssh_prng_cmds has malformed arp command
Product: Portable OpenSSH
Version: 3.4p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: keith at ajmani.org
The file "ssh_prng_cmds", used for entropy generation on systems like
solaris
that lack a decent /dev/random, contains an incorrect "arp" entry.
In particular, the command run is:
"arp -a -n" /usr/sbin/arp 0.02
Unfortunately, in Solaris8, the "-n" command (no host lookups) is not
supported.
As a result, when this command is run on a solaris box that has arp entries in
its cache that it cannot resolve -- either via a local nameserver or a remote
one -- then this command hangs, for a very, very long time.
Some results of this hang are:
- sshd will take 10+ minutes to start on boot
- sshkeygen commands progres very, very slowly
This situation arose when I had a Solaris box installed in a private 10.x
network, running named locally with itself as the only DNS server in
/etc/resolv.conf. However, the box was sitting on a LAN with other boxes in a
subnet outside of the range that the Solaris box was authoratative for, and so
its arp cache had entries that it could not resolve locally.
My suggested fix to this bug is to remove the "arp" command from
ssh_prng_cmds
on Solaris.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Reasonably Related Threads
- [Bug 449] ssh_prng_cmds has malformed arp command
- [Bug 323] arp -n flag doesn't exist under Solaris, ssh_prng_cmds still uses it
- [Bug 323] New: arp -n flag doesn't exist under Solaris, ssh_prng_cmds still uses it
- ssh_prng_cmds on Solaris
- Installation globbers ssh_prng_cmds
Wisdom of the Ancients
