similar to: ssh-keygen hangs with empty prngd.conf - bug ?

Hi! I have just made the 0.9.0 release of PRNGD available. PRNGD is the Pseudo Random Number Generator Daemon. It has an EGD compatible interface and is designed to provide entropy on systems not having /dev/*random devices. Software supporting EGD style entropy requests are openssh, Apache/mod_ssl, Postfix/TLS... Automatic querying of EGD sockets at fixed locations has been introduced in the

I upgraded from OpenSSH_3.0.2p1 to OpenSSH 3.4p1. Starting SSHD or ssh-keygen I'm getting the "PRNG is not seeded". I have verified that prngd is running and "egc.pl /var/spool/prngd/pool get" runs just fine reporting 32800 bits of entropy. My platform is Solaris 8 (sparc) and I downloaded binaries from www.sunfreeware.com. My guess is the build of OpenSSH 3.4.p1 is

There are a couple of issues regarding egd support in OpenSSH. 1) SIGPIPE is not ignored for the master listener daemon. I put the signal() call early on since it needs to be before get_random_bytes() is called but it could also be placed in the EGD version of get_random_bytes(). For some reason, with prngd I am getting SIGPIPE even though the prngd processes is not dying.

Just for peace of mind, can someone who knows the openssh code better than I do, confirm that openssh doesn't use (in any circumstances) the openssl prng (since the code in versions prior to 0.9.6b is rather weak). My understanding is that it doesn't (using either /dev/random, egd, prngd or the builtin code), but I may have missed some other use of the openssl prng elsewhere... -- Jon

Hi, I'm running openssh 2.1.1p4 on Solaris 7 (sparc). Occationally, when I boot up the server, the startup script I wrote to start sshd fails to start sshd with the following error: fatal: Not enough entropy in RNG What am I doing wrong?? Is there anything I can do to prevent this from happening? Is just restarting sshd a valid thing to do?? Thanks for any thoughts, David

To Whomever can assist, I am looking for anyone who has gotten OpenSsh 3.7.1p2 to build under HP-UX 10.20. I am working with the latest gcc (v. 3.3.1), gmake (v. 3.80), and Openssl (0.9.7c) and I still can not get OpenSsh to build properly. It errors out on the build process with a: loginrec.c:1405: dereferencing pointer to incomplete type cing pointer to incomplete type loginrec.c:1514:

Hi! The handling of the "status" information in bsd-waitpid.c and bsd-nextstep.c seems to be bit odd. Patch attached. Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz

Hi! I have just uploaded version 0.9.28 of prngd. It does fix a hang in an endless loop under certain conditions. I have never seen this myself on HP-UX but I have received some reports, more or less all from Solaris 8 users, one of which finally lead to the correct analysis. Problem: after calling waitpid(), errno is evaluated for the case of waidpid()=0 even though errno is not set in this

Hello, over the last few days I've been attempting to compile openssh-3.4p1 on a HP j5000 (hpux 10.20) but have run into some problems. I had found the paper from Kevin Steves and have been following his suggested steps. Perl, zlib, prngd, tcp_wrappers and openssl all compiled more or less as he described. The configure script runs without protest but make gets hung up in

Hi! when using agent forwarding, the connection hangs on exit, if the agent has been accessed. Symptoms: - On the client side, when the agent is accessed, the following output is being logged: debug1: channel 1: new [authentication agent connection] debug1: confirm auth-agent at openssh.com debug1: channel 1: rcvd eof debug1: channel 1: output open -> drain debug1: channel 1: obuf empty

Hi there, I have all my additional software mounted from one central place. Therefore I'm trying to limit all unnecessary local files. Local config files are ok... e.g. keys, ssh_config etc, but why needs ssh_prng_cmds to be in /etc? So why not put it into $bindir? There are no problems doing this with a few manual fixes. So are there any security concerns? Is it possible to make this a

Hello, I apologize if this is the wrong list. It was the list I was directed towards. I have reviewed the archives as well as everything I could google before posting. Any help is most appreciated: We're seeing an error during sftp and ssh connections with consistent regularity. It's triggered by a high number of connections coming into sftp/ssh at the same time. It affects

http://bugzilla.mindrot.org/show_bug.cgi?id=953 Summary: openssh session hanging - prngd[671]: write() in socket_write() failed: Broken pipe Product: Portable OpenSSH Version: 3.7.1p2 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: ssh

[NOTE: I'm new to this list and this is my first approach to OpenSSH code.] I've enhanced "--with-prngd-port=PORT" flag to accept an optional hostname as in "myhost:myport", e.g.: % ./configure --with-prngd-port=example.com:12345 Although I'm certain that this may cause big trouble if remote gatherer isn't online (ssh will refuse to open any connection) I

http://bugzilla.mindrot.org/show_bug.cgi?id=361 ------- Additional Comments From Lutz.Jaenicke at aet.TU-Cottbus.DE 2002-07-19 17:37 ------- OpenSSH's "configure" command will only pick up a new installation of PRNGD, when it is running during the call to configure. Thus make sure to * install prngd first and check its proper operation. * then run OpenSSH's configure

Hi! I am resending the following message about problems with utmp handling. * In the meantime I had some request in private mail from people asking whether I have new information. * The problem is still persistant in 2.9p2. * My own new investigations show, that the problem only appears with protocol 2, not with protocol 1, I therefore only started to note it when protocol 2 became the

Howdy, After upgrading to 2.9 (OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f) I'm unable to ssh between two systems any more (the two that I've upgraded). I've recompiled from the original source several times, each time with no errors, regenerated host keys, regenerated client keys (using rsa), etc., to no avail. Below are some relevant snippets of debugging output

Hi! I am distributing 2.5.1p1 for production use on my system by now and prepare switching to protocol 2 as default protocol. I just noted, that ssh-agent can be used for protocol 1 and 2, but the keys kept in ssh-agent are not compared against keys in .ssh. Example: I have a DSA key in id_dsa which I load into ssh-agent on login. When connecting to an account accepting the key everything is

Hi, With reference to my previous mail: 1. I use openssh-2.9p2 on a LynxOS i386 system. The ssh and scp clients work fine. Even sftp from other Linux systems works. But, if I run the sftp client in LynxOS to localhost (LynxOS) or remote sshd in Linux, the authentication succeeds, prints sftp> prompt and then exits. I don't know why this happens. The problem is with the sftp client

No response yet, so resending. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Fri, 12 Oct 2001 09:44:54 +0300 (EEST) From: Pekka Savola <pekkas at netcore.fi> To: Damien Miller