similar to: [Bug 163] New: /dev/random not used

Over the holidays, I intend to finally rid portable OpenSSH of the builtin entropy collection code. Here's what I intend to do: When init_rng is called, we'll check OpenSSL's RAND_status(). If this indicates that their PRNG is already seeded, we'll do nothing. This effectively detects platforms which have /dev/urandom (or similar) configured into OpenSSL. If OpenSSL isn't

I have a need to have the same OpenSSH binaries run on multiple machines which are administered by different people. That means on Solaris, for example, there will be some with /dev/random, some on which I can run prngd because they'll be installing my binaries as root, and some which will have neither because they will be only installed as non-root. Below is a patch to enable choosing all 3

Hello All, This is regarding a sshd problem. In our system we use ocrandom (a random number generator) to fill in the device /dev/urandom from which sshd reads the randomness for seeding. In a situation we stop the ocrandom and sshd. Now as usual we start the ocrandom first and then sshd. We get an error "PRNG is not seeded" while starting sshd. When we start the sshd for the second

Hi, dovecot tries to use OpenSSL's PRNG to generate random numbers if there is no /dev/urandom found. Unfortunately, it is flawed in its present form, since the PRNG is not seeded before RAND_bytes() is called in src/lib/randgen.c (on systems which have /dev/urandom, OpenSSL automatically seeds its PRNG from the urandom device). Here's a patch to address this issue: it tries to seed

http://bugzilla.mindrot.org/show_bug.cgi?id=361 Summary: PRNGD not yet seeded & SSH banner stills show previous banner Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P3 Component: ssh AssignedTo:

Hi! I have just made the 0.9.0 release of PRNGD available. PRNGD is the Pseudo Random Number Generator Daemon. It has an EGD compatible interface and is designed to provide entropy on systems not having /dev/*random devices. Software supporting EGD style entropy requests are openssh, Apache/mod_ssl, Postfix/TLS... Automatic querying of EGD sockets at fixed locations has been introduced in the

I upgraded from OpenSSH_3.0.2p1 to OpenSSH 3.4p1. Starting SSHD or ssh-keygen I'm getting the "PRNG is not seeded". I have verified that prngd is running and "egc.pl /var/spool/prngd/pool get" runs just fine reporting 32800 bits of entropy. My platform is Solaris 8 (sparc) and I downloaded binaries from www.sunfreeware.com. My guess is the build of OpenSSH 3.4.p1 is

I'm trying to configure and build the current bits from the CVS tree, I've used autoconf (GNU Autoconf) 2.52 to generated configure from the configure.ac file. When I run configure on Solaris 9 I get a failure thus: $ ./configure .... checking for OpenSSL directory... /usr/local/ssl checking for RSA support... yes checking whether OpenSSL's headers match the library... yes checking

https://bugzilla.mindrot.org/show_bug.cgi?id=1781 Summary: Document how to use Solaris 10 /dev/random Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: unassigned-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=398 Summary: OpenSSL build mech. doesn't acknowledge /dev/random in Solaris Product: Portable OpenSSH Version: -current Platform: Sparc URL: http://sunsolve.sun.com/pub- cgi/findPatch.pl?patchId=112438&rev=01 OS/Version: Solaris

On 05/25/2018 09:17 AM, Michal Privoznik wrote: >>> We should probably seed it with data from /dev/urandom, and/or the new >>> Linux getrandom() syscall (or BSD equivalent). > > I'm not quite sure that right after reboot there's going to be enough > entropy. Every service that's starting wants some random bits. But it's > probably better than what we

I have successfully compiled OpenSSH 3.1p1 for the following systems: Solaris 8 Solaris 7 Irix 6.5.14 Irix 6.5.4 SunOS 4.1.3_U1 Unfortunately, the new sshd is not working on any of the above systems with the exception of Solaris 7. (I then put the Solaris 7 executables on Solaris 8, and they worked there too.) This is the error I'm getting: $ /usr/etc/sshd -D -d -d -d debug3: Seeing PRNG

On Tue, 6 Nov 2001, Dan Astoorian wrote: > Date: Tue, 6 Nov 2001 13:23:58 -0500 > From: Dan Astoorian <djast at cs.toronto.edu> > To: Dave Dykstra <dwd at bell-labs.com> > Cc: Ed Phillips <ed at UDel.Edu> > Subject: Re: Entropy and DSA key > > On Tue, 06 Nov 2001 10:54:12 EST, Dave Dykstra writes: > > > On Mon, 5 Nov 2001, Ed Phillips wrote: >

http://bugzilla.mindrot.org/show_bug.cgi?id=328 Summary: starting sshd yeilds PRNG not seeded Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: major Priority: P1 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

On Fri, May 25, 2018 at 09:37:44AM -0500, Eric Blake wrote: >On 05/25/2018 09:17 AM, Michal Privoznik wrote: > >>>> We should probably seed it with data from /dev/urandom, and/or the new >>>> Linux getrandom() syscall (or BSD equivalent). >> >> I'm not quite sure that right after reboot there's going to be enough >> entropy. Every service

On 05/29/2018 09:44 AM, Michal Privoznik wrote: > On 05/29/2018 03:38 PM, Martin Kletzander wrote: >> On Fri, May 25, 2018 at 09:37:44AM -0500, Eric Blake wrote: >>> On 05/25/2018 09:17 AM, Michal Privoznik wrote: >>> >>>>>> We should probably seed it with data from /dev/urandom, and/or the new >>>>>> Linux getrandom() syscall (or BSD

On Sun, 19 Mar 2023 at 12:25, Nathan Wagner <nw at hydaspes.if.org> wrote: > I'm trying to compile openssh with openssl 3.1 on a linux machine with > kernel 4.15.10. I seem to get stuck at: > > configure: error: OpenSSH has no source of random numbers. Please > configure OpenSSL with an entropy source or re-run configure using one > of the --with-prngd-port or

On 05/29/2018 03:38 PM, Martin Kletzander wrote: > On Fri, May 25, 2018 at 09:37:44AM -0500, Eric Blake wrote: >> On 05/25/2018 09:17 AM, Michal Privoznik wrote: >> >>>>> We should probably seed it with data from /dev/urandom, and/or the new >>>>> Linux getrandom() syscall (or BSD equivalent). >>> >>> I'm not quite sure that right

On Wed, May 30, 2018 at 10:21:54PM +0200, Martin Kletzander wrote: > On Tue, May 29, 2018 at 10:06:25AM -0400, John Ferlan wrote: > > > > > > On 05/29/2018 09:44 AM, Michal Privoznik wrote: > > > On 05/29/2018 03:38 PM, Martin Kletzander wrote: > > > > On Fri, May 25, 2018 at 09:37:44AM -0500, Eric Blake wrote: > > > > > On 05/25/2018

I've installed Sun's SUNWski package on Solaris 8 (32-bit) that provides a /dev/random interface. It appears to as cat'ing it gives me a bunch of well, random data. However, when I ran my configure, it gives me the WARNING.RND message to the effect that I'm using the built-in. I've seen allusions on this list to building openssl with to get random support, so I rebuilt it