search for: egd

Hi, when running OpenSSH with EGD as entropy source, the sshd server connects to the EGD socket and leaves it open to re-seed on the fly. Unfortunately the connection is not checked when re-seeding, so that a failure or restart of EGD will lead to a "fatal()" abort of the sshd server process. Since a dying server process...

I'm having a bit of trouble generating a host key on an x86 Solaris 8 system. I've gotten the following built and installed: egd-0.7 openssl-0.9.5a openssh-1.2.3 My perl version is 5.005_03. egd is running, and tests fine the egd "make test" and with: #./egd.pl /etc/entropy get 22 sources found forking into background... server starting But when I go to "make host-key", it just sits there. Tracking it...

Hi! I have just made the 0.9.0 release of PRNGD available. PRNGD is the Pseudo Random Number Generator Daemon. It has an EGD compatible interface and is designed to provide entropy on systems not having /dev/*random devices. Software supporting EGD style entropy requests are openssh, Apache/mod_ssl, Postfix/TLS... Automatic querying of EGD sockets at fixed locations has been introduced in the development version of OpenS...

Just tried out ssh in pre13, and still get the EGD problem? :( new-relay:/usr/slocal/src/openssh-1.2pre13> ./ssh -l marc atelier The authenticity of host 'atelier.acadiau.ca' can't be established. Key fingerprint is 1024 ef:36:b5:f8:a3:bb:14:4d:a9:4b:f2:90:9a:bd:bb:00. Are you sure you want to continue connecting (yes/no)? yes Warni...

...get to run autoheader and autoconf. - Dave Dykstra *** entropy.c.O Fri Jun 1 15:52:20 2001 --- entropy.c Tue Jun 5 17:41:47 2001 *************** *** 80,91 **** # define USE_PRNGD #endif - #if defined(USE_PRNGD) || defined(RANDOM_POOL) - #ifdef USE_PRNGD /* Collect entropy from PRNGD/EGD */ int ! get_random_bytes(unsigned char *buf, int len) { int fd; char msg[2]; --- 80,89 ---- # define USE_PRNGD #endif #ifdef USE_PRNGD /* Collect entropy from PRNGD/EGD */ int ! prngd_get_random_bytes(unsigned char *buf, int len) { int fd; char msg[2]; **************...

...on solaris? > > > > i think the commercial ssh uses a one time generated random > > seed file. If i remember, it asks you to bang on the keyboard until it > > gets enough entropy, like PGP. It also might have its own internal code > > that does the same thing egd or /dev/urandom on linux does. > > It works like EGD. In SSH 1.2.27, It hashes the output of various system > state commands (e.g. ps, ls -alni /tmp, w, netstat) . Check out > randoms.c . > > In SSH 2.0.9, it doesn't run commands (all those fork()s can't have been > t...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Howdy all. I've just released version 0.7 ("the Brown Paper Bag" release) of EGD. The Entropy Gathering Daemon is primarily intended as a source of randomness for GnuPG, for use on systems which lack a /dev/random device. version 0.6, which has been available for about 8 months, had a serious and embarrasing bug in which the gathered random data (the output from 'vmstat...

The usual suspects: Solaris 8 gcc 2.95.2 perl 5.60 egd 0.7 openssl 0.95.a openssh 1.2.3 # egd.pl /etc/entropy --- It works the first few minutes and then just stops working. OpenSSH connections started still work, ssh just hangs with a new connection. I've even tried --bottomless; no joy. 0.6 and Solaris 7 worked great. I'm going to try th...

a small fix for the PRNG/EGD section -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net -------------- next part -------------- --- openssh_cvs/configure.in.old Tue Feb 27 12:56:06 2001 +++ openssh_cvs/configure.in Tue Feb 27 16:54:48 2001 @@ -5,6 +5,7 @@ AC_CONFIG_HEADER(config.h) AC_PROG_CC AC_CANONICAL...

...The xml in https://libvirt.org/formatdomain.html#elementsRng) <devices> <rng model='virtio'> <rate period="2000" bytes="1234"/> <backend model='random'>/dev/random</backend> <!-- OR --> <backend model='egd' type='udp'> *<source mode='bind' service='1234'/>* * <source mode='connect' host='1.2.3.4' service='1234'/>* </backend> </rng> </devices> How did it work with source mode='bind' and sourc...

http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=380 Summary: SSH compiled to use EGD.PL won't start without it!! Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mind...

There are a couple of issues regarding egd support in OpenSSH. 1) SIGPIPE is not ignored for the master listener daemon. I put the signal() call early on since it needs to be before get_random_bytes() is called but it could also be placed in the EGD version of get_random_bytes(). For some reason, with prngd I am getting SIGPI...

EGD 0.7 was released this weekend and I would highly recommend that everyone here that uses EGD upgrades. While doing some research last week I found a typo in the add_entropy() function that prevented any new entropy from being introduced into the system (in other words the entropy pool was a recur...

...---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From djm at mindrot.org 2002-08-05 13:11 ------- If you configure it to use EGD/PRNGd then it is your responsability to ensure that they work. If you want some sort of redundancy, then configure with the rand-helper, but replace it with a script. This script could, for example, try query EGD but fall back to the original ssh-rand-helper if it didn't work. ------- You...

Hi, We are trying to get OpenSSH-1.2.2 stable release to compile under Solaris 2.3 Sparc. It worked perfect for Solaris 2.5, Solaris 2.5.1, Solaris 7 (All on Sparc) and Linux 2.2.13 Intel x86 OpenSSL installs fine without problem, zlib is installed fine without problems and egd.pl installs fine without problems. These are all the current releases, I can get the version numbers if you need them. egd.pl is started like so (and it is running when configure and make are run). /usr/local/bin/egd.pl /dev/random --hostname~/open/openssh-1.2.2 -->./configure --with-egd-poo...

...ded imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded dovecot: Jun 23 19:42:25 Error: Login process died too early - shutting down AIX doesn't have /dev/u?random, so I don't know if that could be the culprit. EGD would be available though. Adam -- Adam adam at os.inf.tu-dresden.de Lackorzynski http://os.inf.tu-dresden.de/~adam/

.../etc/init.d/openssh.server script, which is essentially functioning like /etc/init.d/opensshd. When I run the /etc/init.d/opensshd, I get the following errors: Installation of <OpenSSH> was successful. # cd /etc/init.d/ # ./opensshd start Couldn't connect to PRNGD socket "/var/run/egd-pool": No such file or directory Entropy collection failed ssh-rand-helper child produced insufficient data Couldn't connect to PRNGD socket "/var/run/egd-pool": No such file or directory Entropy collection failed ssh-rand-helper child produced insufficient data Couldn't conn...

...ple.com:12345 Although I'm certain that this may cause big trouble if remote gatherer isn't online (ssh will refuse to open any connection) I think it's an interesting enhancement, specially if you have an specialized random gatherer in your local environment. Imagine a server running egd or prngd feeding from the usual PRNG shell commands. Then, add to that server some random traffic from your local network or from other random gatherers like random.org (e.g. http://random.org/cgi-bin/randbyte?nbytes=128&format=f ), etc. Thus, all random requesters (OpenSSH, OpenSSL, GnuPG, etc...

...is fine, for the record: gcc 2.95.2 So, I try to understand if this would be still a valid configure option and there is something wrong, or I misunderstood it and I gave an NO to package which cant be denied. Btw, I came across contrib/hpux [nice :>] and there is a little typo for installing egd.rc in the README: # ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K600egd # ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S400egd which should read # ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd # ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd Thanks for the work on OpenSSH :) ciao -- Philipp Buehler, ak...

With the help of Jan Iven I have been able to compile openssh-2.9.9p2 on Solaris 2.6 with AFS/kerb4 support using gcc. ./configure --sysconfdir=/etc/ssh --with-tcp-wrappers \ --with-egd-pool=/var/run/egd-pool \ --with-kerberos4=/usr/athena --with-afs=/usr/afsws to do this I modified the resulting Makefile, from: CPPFLAGS=-I. -I$(srcdir) -I/usr/local/ssl/include -I/usr/local/include -I/usr/athena/include -I/usr/afsws/include $(PATHS) -DHAVE_CONFIG_H to: CPPFLAGS=-I....