Displaying 20 results from an estimated 110 matches similar to: "ssh-rand-helper"
2001 Jun 07
2
Patch to enable multiple possible sources of entropy
I have a need to have the same OpenSSH binaries run on multiple machines
which are administered by different people. That means on Solaris, for
example, there will be some with /dev/random, some on which I can run prngd
because they'll be installing my binaries as root, and some which will have
neither because they will be only installed as non-root. Below is a patch
to enable choosing all 3
2001 Jan 16
1
ssh drops privs when it can't find ~/.ssh/prng_seed
I'm using OpenSSH 2.3.0p1. When my users use ssh for the first
time, using rhosts authentication, entropy.c drops the privs in
prng_write_seedfile() at the setuid(original_uid) line (line 550,
approx):
void
prng_write_seedfile(void) {
    int fd;
    char seed[1024];
    char filename[1024];
    struct passwd *pw;

    /* Don't bother if we have already saved a seed */
    if (prng_seed_saved)
        return;
2000 Oct 11
1
Bug in OpenSSH 2.2.0p1
In line 542 of entropy.c the owner of the PRNG seedfile is checked. Root is
also a valid owner of this file.
So the line must be:
if (((st.st_mode & 0177) != 0) || !( (st.st_uid == original_uid) || (st.st_uid == 0) ) )
Regards,
Martin
---
Martin Luig
email: email at Martin-Luig.de
2007 Jun 09
3
'reconfigurable' option for package providers
The deb-oriented package providers (and others perhaps, it's only debian
I'm looking at right now) allow one to set a seedfile with the
appropriate debconf responses when installing a package. However, there
doesn't seem to be a tidy way inherent to puppet to handle reconfiguring
the package if the seedfile changes.
It can be done quite easily with something like the
2000 May 10
3
Trying to build OpenSSH-2.1.0 on HP-UX 10.20
Hi,
I just tried building of OpenSSH-2.1.0 on HP-UX 10.20 and found the following
items:
- The configure command I used at the beginning:
CC=cc CFLAGS="-Ae +O2 +DAportable" CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include -I/usr/include/X11R6" LDFLAGS="-L/usr/local/lib -L/usr/local/ssl/lib -L/usr/lib/X11R6" ./configure --prefix=/usr/local/openssh
2003 Sep 18
2
[Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]
Roger Marquis wrote:
> [snip]
>
>It takes all of 2 seconds to generate a ssh 2 new session on a
>500Mhz cpu (causing less than 20% utilization). Considering that
>99% of even the most heavily loaded servers have more than enough
>cpu for this task I don't really see it as an issue.
>
>Also, by generating a different key for each session you get better
>entropy,
2006 Feb 02
19
[Bug 1149] Does not build on QNX
http://bugzilla.mindrot.org/show_bug.cgi?id=1149
Summary: Does not build on QNX
Product: Portable OpenSSH
Version: 4.3p1
Platform: ix86
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: bitbucket at mindrot.org
ReportedBy: kraai at ftbfs.org
2008 Nov 24
5
FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08.11.arc4random Security Advisory
The FreeBSD Project
Topic: arc4random(9) predictable sequence vulnerability
Category: core
Module: sys
Announced:
2001 Dec 21
6
Killing the builtin entropy code
Over the holidays, I intend to finally rid portable OpenSSH of the
builtin entropy collection code. Here's what I intend to do:
When init_rng is called, we'll check OpenSSL's RAND_status(). If this
indicates that their PRNG is already seeded, we'll do nothing. This
effectively detects platforms which have /dev/urandom (or similar)
configured into OpenSSL.
If OpenSSL isn't
2000 Feb 25
1
yarrow unix source
Hi guys
We at ZKS were also interested in yarrow under unix. However the
implementation that counterpane have on their web page doesn't correspond to
the paper -- it is a pretty different design.
Also the windows code is hairy in the extreme -- I decided to reimplement it
from scratch from the paper, rather than try to look at that windows code too
much (yeuch!). And in writing from the
2005 Mar 07
2
New entropy source proposal.
Hi.
I've been playing a bit with "use sound card as an entropy source" idea.
This simple program does what I wanted:
http://people.freebsd.org/~pjd/misc/sndrand.tbz
The program is very simple, it should be run with two arguments:
% sndtest /dev/dspW 1048576 > rand.data
This command will generate 1MB of random data.
With my sound card:
pcm0: <Intel ICH3 (82801CA)>
2000 Nov 17
1
OpenSSH entropy/PRNG (was: Why does ssh try to run df, netstat, arp ...?)
Nico--
SSH is trying to "get entropy" by taking the
(somewhat-deterministic) output of a bunch of
system commands, on those OSs that don't provide
a /dev/random or its equivalent.
The commands that it uses are in /etc/ssh_prng_cmds
or its equivalent on your system; just comment
out any of the lines (and stop/restart SSHd) in order
to change which system commands are used as inputs
2000 Jan 27
6
EGD requirement a show stopper for me
On Thu, Jan 13, 2000 at 17:34:10, Andre Lucas wrote:
> Subject: /dev/urandom
> On Thu, Jan 13, 2000 at 09:24:01AM -0700, SysProg - Nathan Paul Simons wrote:
> > On Thu, 13 Jan 2000, Ben Taylor wrote:
> >
> > > On Thu, 13 Jan 2000, Max Shaposhnikov wrote:
> > > > why ssh1.27 doesn't require /dev/urandom on solaris?
> >
> > i think the
2001 Sep 28
1
openssh-2.9.9p2 assumes pid_t, uid_t, etc. are not 'long'
openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no
wider than int. GCC complains about this assumption on 32-bit Solaris
8 sparc, where these types are 'long', not 'int'. This isn't an
actual problem at runtime on this host, as long and int are the same
width, but it is a problem on other hosts where pid_t is wider than
int. E.g., I've heard that 64-bit
2001 Mar 16
2
Clip contour or image
Hi,
I am almost new to R. Would any one show me (please include an example)
how to clip a contour or image figure so that I only see the image or
lines inside a selected area?
Thank you very much
Han
2006 Nov 17
5
configure a rails app for multiple databases
Hello Rails community
I cannot seem to find via Google what I had hoped would be
a simple issue
On a single DB system (currently, postgres 8.1.4),
I have two databases, each containing multiple tables.
I would like to configure my app and database.yml to recognize
these two databases.
What is the correct config for the database.yml?
Is it something like:
> production:
> adapter:
2012 Sep 18
8
Collecting entropy from device_attach() times.
Hi.
I experimented a bit with collecting entropy from the time it takes for
device_attach() to run (in CPU cycles). It seems that those times have
enough variation that we can use it for entropy harvesting. It happens
even before root is mounted, so pretty early.
On the machine I'm testing it, which has minimal kernel plus NIC driver
I see 75 device_attach() calls. I'm being very careful
2006 Aug 07
5
seeding dev/random in 5.5
I was doing some regression testing in 5.5: Specifically testing booting
up a 'virgin' hard disk from a clean install.
I was testing what happened if the 300 second timeout happened vs
hitting <return> for 'fast+insecure' startup and punching in a bunch of
random garbage.
I found that for some reason, on a 2.4Ghz Celeron, the 'sysctl -a' and
'date' seeding
2000 Jan 20
1
Porting openssh to Win32
Hello,
I am interested in a port of OpenSSH to the Win32 platform,
using Cygwin for a start.
Is anyone already working on it?
Regards,
Marc