Displaying 20 results from an estimated 6000 matches similar to: "OpenSSH (portable) and entropy gathering"
2001 Jun 07
2
Patch to enable multiple possible sources of entropy
I have a need to have the same OpenSSH binaries run on multiple machines
which are administered by different people. That means on Solaris, for
example, there will be some with /dev/random, some on which I can run prngd
because they'll be installing my binaries as root, and some which will have
neither because they will be only installed as non-root. Below is a patch
to enable choosing all 3
2001 Nov 06
1
Entropy and DSA key
On Tue, 6 Nov 2001, Dan Astoorian wrote:
> Date: Tue, 6 Nov 2001 13:23:58 -0500
> From: Dan Astoorian <djast at cs.toronto.edu>
> To: Dave Dykstra <dwd at bell-labs.com>
> Cc: Ed Phillips <ed at UDel.Edu>
> Subject: Re: Entropy and DSA key
>
> On Tue, 06 Nov 2001 10:54:12 EST, Dave Dykstra writes:
> > > On Mon, 5 Nov 2001, Ed Phillips wrote:
>
2002 Jan 22
4
ssh-rand-helper
Now that ssh-rand-helper has been segregated into a separate program,
I'd like to revisit an old question about its entropy gathering.
- would it be desirable to make it possible for ssh-rand-helper to fall
back to external commands if PRNGD cannot be reached, instead of
choosing one or the other at compile time?
- When using PRNGD, the program gets 48 bytes of entropy from PRNGD,
2001 Dec 21
6
Killing the builtin entropy code
Over the holidays, I intend to finally rid portable OpenSSH of the
builtin entropy collection code. Here's what I intend to do:
When init_rng is called, we'll check OpenSSL's RAND_status(). If this
indicates that their PRNG is already seeded, we'll do nothing. This
effectively detects platforms which have /dev/urandom (or similar)
configured into OpenSSL.
If OpenSSL isn't
2001 Oct 02
2
New feature: remote entropy gatherer port
[NOTE: I'm new to this list and this is my first
approach to OpenSSH code.]
I've enhanced "--with-prngd-port=PORT" flag to accept an
optional hostname as in "myhost:myport", e.g.:
% ./configure --with-prngd-port=example.com:12345
Although I'm certain that this may cause big trouble if remote
gatherer isn't online (ssh will refuse to open any connection)
I
2023 Mar 19
1
openssl 9.3 and openssl 3.1
I'm trying to compile openssh with openssl 3.1 on a linux machine with
kernel 4.15.10. I seem to get stuck at:
configure: error: OpenSSH has no source of random numbers. Please
configure OpenSSL with an entropy source or re-run configure using one
of the --with-prngd-port or --with-prngd-socket options
I haven't done anything special in configuring openssl. If I have read
the
2000 Jul 20
3
fatal: Not enough entropy in RNG
Hi,
I'm running openssh 2.1.1p4 on Solaris 7 (sparc). Occasionally, when I
boot up the server, the startup script I wrote to start sshd fails to start
sshd with the following error:
fatal: Not enough entropy in RNG
What am I doing wrong??
Is there anything I can do to prevent this from happening?
Is just restarting sshd a valid thing to do??
Thanks for any thoughts,
David
2018 Nov 19
2
[PATCH] openssl-compat: Test for OpenSSL_add_all_algorithms before using.
OpenSSL 1.1.0 has deprecated this function.
---
configure.ac | 1 +
openbsd-compat/openssl-compat.c | 2 ++
openbsd-compat/openssl-compat.h | 4 ++++
3 files changed, 7 insertions(+)
diff --git a/configure.ac b/configure.ac
index 3f7fe2cd..db2aade8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then
])
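Review bot: the commit message gives only the reason ("OpenSSL 1.1.0 has deprecated this function") and not the resulting behaviour. The single line this hunk adds to configure.ac sits inside the 'if test "x$openssl" = "xyes"' block, so the message should state what openssl-compat.c does when that check does not find OpenSSL_add_all_algorithms (skip the call, or use a replacement), and a short comment beside the new guard in openssl-compat.h should say the same.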
2001 Nov 08
0
entropy.c patch to avoid unnecessary reading of /dev/urandom
This one-line patch prevents OpenSSH from depleting entropy
unnecessarily from /dev/urandom when the OpenSSL library acquires its
own entropy.
Without this patch OpenSSH opens /dev/urandom and reads 32 bytes, and
then OpenSSL opens it again and reads an additional 20.
--
Dan Astoorian People shouldn't think that it's better to have
Sysadmin, CSLab loved and
2002 Mar 08
2
Cannot run OpenSSH 3.1p1 on Solaris 8, Irix 6.5.14, Irix 6.5.4, SunOS 4.1.3_U1 - ssh-rand-helper child produced insufficient data
I have successfully compiled OpenSSH 3.1p1 for the following systems:
Solaris 8
Solaris 7
Irix 6.5.14
Irix 6.5.4
SunOS 4.1.3_U1
Unfortunately, the new sshd is not working on any of the above systems
with the exception of Solaris 7. (I then put the Solaris 7 executables
on Solaris 8, and they worked there too.)
This is the error I'm getting:
$ /usr/etc/sshd -D -d -d -d
debug3: Seeing PRNG
2001 Oct 24
1
Config file semantics change intentional?
In 2.3.0, the per-user config file was read before the system-wide
config file, so options set in ~/.ssh/config took precedence over
system-wide defaults. In 2.9.9, the system-wide file seems to be read
first, contrary to the man page (cf. ssh.c ll. 631-632).
It seems to me that the old behaviour made more sense. (I discovered
the change because I could not override a "ForwardX11"
2002 Apr 01
1
entropy problems IRIX
Hello!
I am running openSSH 2.9x on an IRIX 6.5.x platform.
This was recently installed using SGI-supplied
"freeware" binaries.
I find that as time goes on, it takes more attempts
to establish an ssh connection from the IRIX platform
to another machine, as it fails with "not enough entropy
in PRNG." I posted a note asking for assistance, and
received a reply suggesting I
2001 Nov 02
7
Entropy and DSA keys
I remember a discussion to the effect that using DSA keys in sshd
increases the requirement for random bits available on the system... and
that this requirement (was it a 128 bit random number per connection?)
presents security problems on systems that don't have a decent source of
entropy? Am I misinterpreting those discussions?
We are having a problem deploying sshd (no prngd) where sshd
2003 Sep 25
2
unexpected change in "locked account" behaviour
I just ran into what I'd describe as an unexpected side-effect. I don't
think it's necessarily a bug, and I don't need any assistance in working
around it, but this information might be useful to others for
troubleshooting.
This was using OpenSSH built under Solaris 2.5.1, and running under
2.5.1 or 8.
The symptom was that after upgrading from 3.7.1p1 to 3.7.1p2, some
accounts
2001 Feb 13
4
issue with EGD in openssh
There are a couple of issues regarding egd support in OpenSSH.
1) SIGPIPE is not ignored for the master listener daemon. I put
the signal() call early on since it needs to be before
get_random_bytes() is called but it could also be placed in the
EGD version of get_random_bytes(). For some reason, with prngd
I am getting SIGPIPE even though the prngd process is not
dying.
2001 Oct 16
2
Solaris 2.5.1 dirname() bug in libgen.a affects OpenSSH2.9.9p2 auth.c
I've discovered a problem with OpenSSH 2.9.9p2 under Solaris 2.5.1.
In auth.c, secure_filename() walks upwards toward the user's home
directory or the filesystem root, verifying that no directories along
the way are group or world writable.
Solaris 2.5.1's dirname() function has a bug where dirname("/.ssh")
returns an empty string instead of "/".
This causes
2001 Mar 11
4
prng_cmds/init_rng() question/patch
I have a need to provide ssh client binaries for use elsewhere on
several platforms, some without /dev/random support. I can't assume
that users will know how to install/run prngd or egd, so I was
planning to rely on the builtin prng code. However, this requires the
ssh_prng_cmds file to exist in a fixed location -- which would mean
making binaries which either look for it in . or other
2023 Mar 19
1
openssl 9.3 and openssl 3.1
On Sun, 19 Mar 2023 at 12:25, Nathan Wagner <nw at hydaspes.if.org> wrote:
> I'm trying to compile openssh with openssl 3.1 on a linux machine with
> kernel 4.15.10. I seem to get stuck at:
>
> configure: error: OpenSSH has no source of random numbers. Please
> configure OpenSSL with an entropy source or re-run configure using one
> of the --with-prngd-port or
2002 Apr 01
4
path to find ssh-rand-helper
Before I actually implement the small changes needed to allow the
location of ssh-rand-helper to be specified in the config file, I'd
like to check that in doing so I won't be opening up a huge security
hole.
My brief reading of the code suggests that in entropy.c:seed_rng() the
ssh-rand-helper is run as the original uid (for binaries which were
setuid in the first place of course), so I
2011 Jul 13
3
How to compile OpenSSH on HP-UX10
I did this as a project back in early 2002, and I had a nice
little how-to to walk me through it. Many work places and moves, and
I've lost it. I have a friend who asked me about this recently, and I
can't seem to find anything on the web, or the how-to I used (not
surprised).
If I remember correctly, you needed an up-to-date zlib, egd (or prng),
OpenSSL, tcpwrappers, and OpenSSH.