similar to: OpenSSH 3.4p1 "PRNG is not seeded"

Just for peace of mind, can someone who knows the openssh code better than I do, confirm that openssh doesn't use (in any circumstances) the openssl prng (since the code in versions prior to 0.9.6b is rather weak). My understanding is that it doesn't (using either /dev/random, egd, prngd or the builtin code), but I may have missed some other use of the openssl prng elsewhere... -- Jon

Hi! I have just made the 0.9.0 release of PRNGD available. PRNGD is the Pseudo Random Number Generator Daemon. It has an EGD compatible interface and is designed to provide entropy on systems not having /dev/*random devices. Software supporting EGD style entropy requests are openssh, Apache/mod_ssl, Postfix/TLS... Automatic querying of EGD sockets at fixed locations has been introduced in the

There are a couple of issues regarding egd support in OpenSSH. 1) SIGPIPE is not ignored for the master listener daemon. I put the signal() call early on since it needs to be before get_random_bytes() is called but it could also be placed in the EGD version of get_random_bytes(). For some reason, with prngd I am getting SIGPIPE even though the prngd processes is not dying.

Hi, I use openssh-2.9p2 on an i386 LynxOS system. Since LynxOS does not have support for /dev/[u]random, I installed openssh with prngd support. It so happened by accident on installation that prngd.conf got truncated to zero size. With prngd running as such, ssh-keygen just hangs. I notice similar case with sshd, ssh, ... as all these depend on prngd for random number. SMMEstack# /usr/sbin/sshd

Hi, I'm running openssh 2.1.1p4 on Solaris 7 (sparc). Occationally, when I boot up the server, the startup script I wrote to start sshd fails to start sshd with the following error: fatal: Not enough entropy in RNG What am I doing wrong?? Is there anything I can do to prevent this from happening? Is just restarting sshd a valid thing to do?? Thanks for any thoughts, David

http://bugzilla.mindrot.org/show_bug.cgi?id=968 Summary: OpenSSH 3.8p1 PRNG seed extraction failed error Product: Portable OpenSSH Version: 3.8p1 Platform: UltraSparc OS/Version: SunOS Status: NEW Severity: major Priority: P2 Component: scp AssignedTo: openssh-bugs at mindrot.org

Hi! The handling of the "status" information in bsd-waitpid.c and bsd-nextstep.c seems to be bit odd. Patch attached. Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz

Hi there, I have all my additional software mounted from one central place. Therefore I'm trying to limit all unnecessary local files. Local config files are ok... e.g. keys, ssh_config etc, but why needs ssh_prng_cmds to be in /etc? So why not put it into $bindir? There are no problems doing this with a few manual fixes. So are there any security concerns? Is it possible to make this a

To Whomever can assist, I am looking for anyone who has gotten OpenSsh 3.7.1p2 to build under HP-UX 10.20. I am working with the latest gcc (v. 3.3.1), gmake (v. 3.80), and Openssl (0.9.7c) and I still can not get OpenSsh to build properly. It errors out on the build process with a: loginrec.c:1405: dereferencing pointer to incomplete type cing pointer to incomplete type loginrec.c:1514:

Hi! when using agent forwarding, the connection hangs on exit, if the agent has been accessed. Symptoms: - On the client side, when the agent is accessed, the following output is being logged: debug1: channel 1: new [authentication agent connection] debug1: confirm auth-agent at openssh.com debug1: channel 1: rcvd eof debug1: channel 1: output open -> drain debug1: channel 1: obuf empty

I have successfully compiled OpenSSH 3.1p1 for the following systems: Solaris 8 Solaris 7 Irix 6.5.14 Irix 6.5.4 SunOS 4.1.3_U1 Unfortunately, the new sshd is not working on any of the above systems with the exception of Solaris 7. (I then put the Solaris 7 executables on Solaris 8, and they worked there too.) This is the error I'm getting: $ /usr/etc/sshd -D -d -d -d debug3: Seeing PRNG

Hello, over the last few days I've been attempting to compile openssh-3.4p1 on a HP j5000 (hpux 10.20) but have run into some problems. I had found the paper from Kevin Steves and have been following his suggested steps. Perl, zlib, prngd, tcp_wrappers and openssl all compiled more or less as he described. The configure script runs without protest but make gets hung up in

Hi! I am resending the following message about problems with utmp handling. * In the meantime I had some request in private mail from people asking whether I have new information. * The problem is still persistant in 2.9p2. * My own new investigations show, that the problem only appears with protocol 2, not with protocol 1, I therefore only started to note it when protocol 2 became the

Howdy, After upgrading to 2.9 (OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f) I'm unable to ssh between two systems any more (the two that I've upgraded). I've recompiled from the original source several times, each time with no errors, regenerated host keys, regenerated client keys (using rsa), etc., to no avail. Below are some relevant snippets of debugging output

Hi! I am distributing 2.5.1p1 for production use on my system by now and prepare switching to protocol 2 as default protocol. I just noted, that ssh-agent can be used for protocol 1 and 2, but the keys kept in ssh-agent are not compared against keys in .ssh. Example: I have a DSA key in id_dsa which I load into ssh-agent on login. When connecting to an account accepting the key everything is

No response yet, so resending. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Fri, 12 Oct 2001 09:44:54 +0300 (EEST) From: Pekka Savola <pekkas at netcore.fi> To: Damien Miller

Hi! as I just noted, after scp the connection does not shut down properly. When I do a "scp file targethost:path", on targethost a "sshd" process is left running. I do use --with-default-path="/usr/local/openssh/bin:/usr/bin:/usr/local/bin" to assure, that the corrensponding openssh-scp is used. It also seems, that normal sessions are not always closed properly.

Hi when i restart sshd I get PRNG is not seeded # /etc/init.d/sshd restart PRNG is not seeded # No idea as what is going on Thanks and Regards Kaushal

Hi! I have experimented a bit with the latest OpenSSH from the CVS archive. I could realize some connections succesfully, but I experienced performance problem during the connection phase. It seems, that the client needs quite some computer time just after debug: Got SSH2_MSG_KEX_DH_GEX_GROUP. By inserting test-printouts, I verifyed that the dh_gen_key(dh); call seems to take that long. On a HP

Hello, it's me again ! I tried to compile / install OpenSSH on our Reliant UNIX system, OS version 5.45 (and 5.44). The following problems did appear: 1. OpenSSL-0.9.5a will not compile out of the box. The problem on RU 5.45 is, that the compiler does support "long long" but NOT "unsigned long long". The latter just provokes the error message "superfluous