similar to: RNG question

Maybe this is a ssh problem - but are you aware of the general issue ? http://bugzilla.mindrot.org/show_bug.cgi?id=182 Summary: ssh should still force SIGCHLD to be SIG_DFL when calling ssh-rand-helper Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: All Status: NEW Severity: normal

Hi. I've been playing a bit with "use sound card as an entropy source" idea. This simple program does what I wanted: http://people.freebsd.org/~pjd/misc/sndrand.tbz The program is very simple, it should be run with two arguments: % sndtest /dev/dspW 1048576 > rand.data This command will generate 1MB of random data. With my sound card: pcm0: <Intel ICH3 (82801CA)>

Hi, I'm like to try a get the new release to work with Sun's new device, that can be installed with patch 112438-01. I compiled SSL attempting to point it at the random device: cd openssl-0.9.6d ./Configure solaris-sparcv7-gcc make DEVRANDOM="/kernel/drv/random" And then ran the SSH configure: ./configure --prefix=/opt/OBSDssh --with-pam --without-rsh \ --sysconfdir=/etc/ssh

I'm trying to compile openssh with openssl 3.1 on a linux machine with kernel 4.15.10. I seem to get stuck at: configure: error: OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options I haven't done anything special in configuring openssl. If I have read the

On Sun, 19 Mar 2023 at 12:25, Nathan Wagner <nw at hydaspes.if.org> wrote: > I'm trying to compile openssh with openssl 3.1 on a linux machine with > kernel 4.15.10. I seem to get stuck at: > > configure: error: OpenSSH has no source of random numbers. Please > configure OpenSSL with an entropy source or re-run configure using one > of the --with-prngd-port or

Now that ssh-rand-helper has been segregated into a separate program, I'd like to revisit an old question about its entropy gathering. - would it be desirable to make it possible for ssh-rand-helper to fall back to external commands if PRNGD cannot be reached, instead of choosing one or the other at compile time? - When using PRNGD, the program gets 48 bytes of entropy from PRNGD,

http://bugzilla.mindrot.org/show_bug.cgi?id=968 Summary: OpenSSH 3.8p1 PRNG seed extraction failed error Product: Portable OpenSSH Version: 3.8p1 Platform: UltraSparc OS/Version: SunOS Status: NEW Severity: major Priority: P2 Component: scp AssignedTo: openssh-bugs at mindrot.org

On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah at redhat.com> wrote: > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote: >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: >> > The hwrng core asks for random data in the hwrng_register() call itself >> > from commit d9e7972619. This doesn't play well with virtio -- the

On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah at redhat.com> wrote: > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote: >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: >> > The hwrng core asks for random data in the hwrng_register() call itself >> > from commit d9e7972619. This doesn't play well with virtio -- the

Over the holidays, I intend to finally rid portable OpenSSH of the builtin entropy collection code. Here's what I intend to do: When init_rng is called, we'll check OpenSSL's RAND_status(). If this indicates that their PRNG is already seeded, we'll do nothing. This effectively detects platforms which have /dev/urandom (or similar) configured into OpenSSL. If OpenSSL isn't

On Mon, Jul 07, 2014 at 12:04:09PM +0530, Amit Shah wrote: > On (Sun) 06 Jul 2014 [23:09:49], Kees Cook wrote: > > On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah at redhat.com> wrote: > > > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote: > > >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: > > >> > The

On Mon, Jul 07, 2014 at 12:04:09PM +0530, Amit Shah wrote: > On (Sun) 06 Jul 2014 [23:09:49], Kees Cook wrote: > > On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah at redhat.com> wrote: > > > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote: > > >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: > > >> > The

Hello. I'm a distro maintainer and was wondering about the efficacy of entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the authors of haveged [0] pointed out if the hardware cycles counter is emulated and deterministic, and thus predictible. He therefore does not recommend using HAVEGE on those systems. Is this the case with KVM's counters? PS. I will be setting VM CPU

Defining a standard way of transferring random numbers between the host and the guest is an excellent idea. As the person who writes the RNG code in Windows, I have a few comments: DETECTION: It should be possible to detect this feature through CPUID or similar mechanism. That allows the code that uses this feature to be written without needing the ability to catch CPU exceptions. I could be

Defining a standard way of transferring random numbers between the host and the guest is an excellent idea. As the person who writes the RNG code in Windows, I have a few comments: DETECTION: It should be possible to detect this feature through CPUID or similar mechanism. That allows the code that uses this feature to be written without needing the ability to catch CPU exceptions. I could be

Before I actually implement the small changes needed to allow the location of ssh-rand-helper to be specified in the config file, I'd like to check that in doing so I won't be opening up a huge security hole. My brief reading of the code suggests that in entropy.c:seed_rng() the ssh-rand-helper is run as the original uid (for binaries which were setuid in the first place of course), so I

Hi, I'm running openssh 2.1.1p4 on Solaris 7 (sparc). Occationally, when I boot up the server, the startup script I wrote to start sshd fails to start sshd with the following error: fatal: Not enough entropy in RNG What am I doing wrong?? Is there anything I can do to prevent this from happening? Is just restarting sshd a valid thing to do?? Thanks for any thoughts, David

Can I get people from other platforms to test the waitpid.patch to see if it solves hang-on-exit on their platform? I can confirm Solaris at this moment (but I've not done heavy testing at this moment) that is works like a charm (Solaris 7). It handles 'sleep 90&' vs 'nohup sleep 90&' correctly (killed, vs left). thanks. - Ben ---------- Forwarded message

On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: > The hwrng core asks for random data in the hwrng_register() call itself > from commit d9e7972619. This doesn't play well with virtio -- the > DRIVER_OK bit is only set by virtio core on a successful probe, and > we're not yet out of our probe routine when this call is made. This > causes

On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: > The hwrng core asks for random data in the hwrng_register() call itself > from commit d9e7972619. This doesn't play well with virtio -- the > DRIVER_OK bit is only set by virtio core on a successful probe, and > we're not yet out of our probe routine when this call is made. This > causes