similar to: Killing the builtin entropy code

Displaying 20 results from an estimated 9000 matches similar to: "Killing the builtin entropy code"

2001 Nov 02
7
Entropy and DSA keys
I remember a discussion to the effect that using DSA keys in sshd increases the requirement for random bits available on the system... and that this requirement (was it a 128 bit random number per connection?) presents security problems on systems that don't have a decent source of entropy? Am I misinterpreting those discussions? We are having a problem deploying sshd (no prngd) where sshd
2002 Jan 22
4
ssh-rand-helper
Now that ssh-rand-helper has been segregated into a separate program, I'd like to revisit an old question about its entropy gathering. - would it be desirable to make it possible for ssh-rand-helper to fall back to external commands if PRNGD cannot be reached, instead of choosing one or the other at compile time? - When using PRNGD, the program gets 48 bytes of entropy from PRNGD,
2006 Feb 02
19
[Bug 1149] Does not build on QNX
http://bugzilla.mindrot.org/show_bug.cgi?id=1149 Summary: Does not build on QNX Product: Portable OpenSSH Version: 4.3p1 Platform: ix86 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org ReportedBy: kraai at ftbfs.org
2005 Jan 03
9
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968 Summary: OpenSSH 3.8p1 PRNG seed extraction failed error Product: Portable OpenSSH Version: 3.8p1 Platform: UltraSparc OS/Version: SunOS Status: NEW Severity: major Priority: P2 Component: scp AssignedTo: openssh-bugs at mindrot.org
2001 Jun 07
2
Patch to enable multiple possible sources of entropy
I have a need to have the same OpenSSH binaries run on multiple machines which are administered by different people. That means on Solaris, for example, there will be some with /dev/random, some on which I can run prngd because they'll be installing my binaries as root, and some which will have neither because they will be only installed as non-root. Below is a patch to enable choosing all 3
2002 Jul 24
3
OpenSSH 3.4p1 "PRNG is not seeded"
I upgraded from OpenSSH_3.0.2p1 to OpenSSH 3.4p1. Starting SSHD or ssh-keygen I'm getting the "PRNG is not seeded". I have verified that prngd is running and "egc.pl /var/spool/prngd/pool get" runs just fine reporting 32800 bits of entropy. My platform is Solaris 8 (sparc) and I downloaded binaries from www.sunfreeware.com. My guess is the build of OpenSSH 3.4.p1 is
2002 Mar 08
2
Cannot run OpenSSH 3.1p1 on Solaris 8, Irix 6.5.14, Irix 6.5.4, SunOS 4.1.3_U1 - ssh-rand-helper child produced insufficient data
I have successfully compiled OpenSSH 3.1p1 for the following systems: Solaris 8 Solaris 7 Irix 6.5.14 Irix 6.5.4 SunOS 4.1.3_U1 Unfortunately, the new sshd is not working on any of the above systems with the exception of Solaris 7. (I then put the Solaris 7 executables on Solaris 8, and they worked there too.) This is the error I'm getting: $ /usr/etc/sshd -D -d -d -d debug3: Seeing PRNG
2001 Oct 02
2
New feature: remote entropy gatherer port
[NOTE: I'm new to this list and this is my first approach to OpenSSH code.] I've enhanced "--with-prngd-port=PORT" flag to accept an optional hostname as in "myhost:myport", e.g.: % ./configure --with-prngd-port=example.com:12345 Although I'm certain that this may cause big trouble if remote gatherer isn't online (ssh will refuse to open any connection) I
2001 Sep 28
3
OpenSSH (portable) and entropy gathering
On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes: > On Thu, 27 Sep 2001, Dan Astoorian wrote: > > > > > It would (IMHO) be useful if there were a way to optionally configure > > that code to fall back to the internal entropy gathering routines in the > > event that EGD was not available; as it is, the routines simply fail if > > EGD is unavailable at the
2002 Apr 01
1
entropy problems IRIX
Hello! I am running openSSH 2.9x on an IRIX 6.5.x platform. This was recently installed using SGI-supplied "freeware" binaries. I find that as time goes on, it takes more attempts to establish an ssh connection from the IRIX platform to another machine, as it fails with "not enough entropy in PRNG." I posted a note asking for assistance, and received a reply suggesting I
2002 Apr 01
4
path to find ssh-rand-helper
Before I actually implement the small changes needed to allow the location of ssh-rand-helper to be specified in the config file, I'd like to check that in doing so I won't be opening up a huge security hole. My brief reading of the code suggests that in entropy.c:seed_rng() the ssh-rand-helper is run as the original uid (for binaries which were setuid in the first place of course), so I
2003 Sep 18
2
[Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]
Roger Marquis wrote: > [snip] > >It takes all of 2 seconds to generate a ssh 2 new session on a >500Mhz cpu (causing less than 20% utilization). Considering that >99% of even the most heavily loaded servers have more than enough >cpu for this task I don't really see it as an issue. > >Also, by generating a different key for each session you get better >entropy,
2002 Nov 08
1
Will OpenSSH fallback to internal PRNG?
Greetings. I'm wondering if OpenSSH automatically falls back to the internal PRNG (such as used on Solaris) when it can't use a better alternative. The reason I ask is this: the machine I am compiling OpenSSH on has the /dev/random patch for Solaris 8. I'd like OpenSSH to use /dev/random whenever possible, if it exists. However, I'd prefer NOT to have to compile a separate
2002 May 09
2
OSSH_PATH_ENTROPY_PROG' unexpected
I'm trying to configure and build the current bits from the CVS tree, I've used autoconf (GNU Autoconf) 2.52 to generate configure from the configure.ac file. When I run configure on Solaris 9 I get a failure thus: $ ./configure .... checking for OpenSSL directory... /usr/local/ssl checking for RSA support... yes checking whether OpenSSL's headers match the library... yes checking
2005 Nov 17
3
4.2 and the 'last' command
We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now it has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing
2001 Oct 26
3
strange dir in snapshot
What is autom4te.cache/ and why is it in the snapshot?
2001 Nov 28
2
scp
Hello - I am trying to use scp (openssh_3.0), but every time I run it, I get the following error: stty: Not a typewriter When I run it with -v , it shows that authentication (pub key) succeeds, but it fails to read the file. If anybody has a clue as to what's going on here, any help will be appreciated. Thanks. Tariq tariq.lahyani at aa.com
2005 Mar 07
2
New entropy source proposal.
Hi. I've been playing a bit with "use sound card as an entropy source" idea. This simple program does what I wanted: http://people.freebsd.org/~pjd/misc/sndrand.tbz The program is very simple, it should be run with two arguments: % sndtest /dev/dspW 1048576 > rand.data This command will generate 1MB of random data. With my sound card: pcm0: <Intel ICH3 (82801CA)>
2000 Nov 17
1
OpenSSH entropy/PRNG (was: Why does ssh try to run df, netstat, arp ...?)
Nico-- SSH is trying to "get entropy" by taking the (somewhat-deterministic) output of a bunch of system commands, on those OSs that don't provide a /dev/random or its equivalent. The commands that it uses are in /etc/ssh_prng_cmds or its equivalent on your system; just comment out any of the lines (and stop/restart SSHd) in order to change which system commands are used as inputs
2000 Jan 27
6
EGD requirement a show stopper for me
On Thu, Jan 13, 2000 at 17:34:10, Andre Lucas wrote: > Subject: /dev/urandom > On Thu, Jan 13, 2000 at 09:24:01AM -0700, SysProg - Nathan Paul Simons wrote: > > On Thu, 13 Jan 2000, Ben Taylor wrote: > > > > > On Thu, 13 Jan 2000, Max Shaposhnikov wrote: > > > > why ssh1.27 doesn't require /dev/urandom on solaris? > > > > i think the