similar to: Server Key [Re-] Generation after Install?

Hello all, I tried OpenSSH versions 2.1.1p4, 2.2.0p1 and the latest snapshot briefly on 64-bit Irix 6.5.7f an 6.5.9m. Both times, no matter what I do, I'll get 'PRNG initialization failed -- exiting'. This happens with ssh-keygen (the keys aren't even generated yet, ssh binary etc.) It's clear that Irix etc. don't have a proper entropy pool like *BSD and Linux do, but

I upgraded from OpenSSH_3.0.2p1 to OpenSSH 3.4p1. Starting SSHD or ssh-keygen I'm getting the "PRNG is not seeded". I have verified that prngd is running and "egc.pl /var/spool/prngd/pool get" runs just fine reporting 32800 bits of entropy. My platform is Solaris 8 (sparc) and I downloaded binaries from www.sunfreeware.com. My guess is the build of OpenSSH 3.4.p1 is

Over the holidays, I intend to finally rid portable OpenSSH of the builtin entropy collection code. Here's what I intend to do: When init_rng is called, we'll check OpenSSL's RAND_status(). If this indicates that their PRNG is already seeded, we'll do nothing. This effectively detects platforms which have /dev/urandom (or similar) configured into OpenSSL. If OpenSSL isn't

Greetings. I'm wondering if OpenSSH automatically falls back to the internal PRNG (such as used on Solaris) when it can't use a better alternative. The reason I ask is this: the machine I am compiling OpenSSH on has the /dev/random patch for Solaris 8. I'd like OpenSSH to use /dev/random whenever possible, if it exists. However, I'd prefer NOT to have to compile a separate

Just for peace of mind, can someone who knows the openssh code better than I do, confirm that openssh doesn't use (in any circumstances) the openssl prng (since the code in versions prior to 0.9.6b is rather weak). My understanding is that it doesn't (using either /dev/random, egd, prngd or the builtin code), but I may have missed some other use of the openssl prng elsewhere... -- Jon

hi I am using Solaris 8 and installing the 3.8 openssh software that I received from www.sunfreeware.com I following the installation instruction see attachment but when I get to ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "" I get a PRNG is not seeded could you help me in this matter. Thank you for your cooperation. Spencer Crim

a small fix for the PRNG/EGD section -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net -------------- next part -------------- --- openssh_cvs/configure.in.old Tue Feb 27 12:56:06 2001 +++ openssh_cvs/configure.in Tue Feb 27 16:54:48 2001 @@ -5,6 +5,7 @@ AC_CONFIG_HEADER(config.h) AC_PROG_CC AC_CANONICAL_HOST +AC_C_BIGENDIAN # Checks for programs. AC_PROG_CPP @@ -1279,14

Hi, dovecot tries to use OpenSSL's PRNG to generate random numbers if there is no /dev/urandom found. Unfortunately, it is flawed in its present form, since the PRNG is not seeded before RAND_bytes() is called in src/lib/randgen.c (on systems which have /dev/urandom, OpenSSL automatically seeds its PRNG from the urandom device). Here's a patch to address this issue: it tries to seed

Hi, with current test releases SSL doesn't work anymore for me on AIX 4.3 with dovecot-0.99.10-test14. It worked with 0.99.9.1. dovecot: Jun 23 19:42:23 Info: Dovecot starting up imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number

Greetings. (Third try at sending this, the first two seemed to disappear without a trace. Perhaps use of MS Outlook was the problem, even though in plain text...? Or attachment too big (22Kb)? Would like to know...) The final source code and documentation package for a FIPS 140 validated mode of OpenSSL was recently submitted. Once the final certification is awarded by NIST, in a month or

On 05/25/2018 09:17 AM, Michal Privoznik wrote: >>> We should probably seed it with data from /dev/urandom, and/or the new >>> Linux getrandom() syscall (or BSD equivalent). > > I'm not quite sure that right after reboot there's going to be enough > entropy. Every service that's starting wants some random bits. But it's > probably better than what we

I'm using OpenSSH 2.3.0p1. When my users use ssh for the first time, using rhosts authentication, entropy.c drops the privs in prng_write_seedfile() at the setuid(original_uid) line (line 550, approx): void prng_write_seedfile(void) { int fd; char seed[1024]; char filename[1024]; struct passwd *pw; /* Don't bother if we have already saved a seed */ if (prng_seed_saved) return;

On Sun, Jul 24, 2005 at 04:06:02PM +0200, Poul-Henning Kamp wrote: +> In message <20050724135738.GM46538@darkness.comp.waw.pl>, Pawel Jakub Dawidek writes: +> +> >We should probably test entropy quality on boot. +> >I've somewhere userland version of /sys/dev/rndtest/ which implements +> >FIPS140-2 tests for (P)RNGs. We can use put it into rc.d/ and warn users.

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

Heya, I have compiled and installed OpenSSH on a Solaris/Sparc machine and whenever I try to start any of the ssh programs I get "fatal: PRNG initialisation failed -- exiting" Now, I have looked through the mailing lists and have seen some mention that this indicates it can't open the ssh_prng_cmds file, which entropy.c also seems to indicate the problem is. However, this snippet

This is likely a linux or ssh problem, but perhaps someone else on this list may have encountered it. I have run about 15,000 instances of rsync in the last year, (about 500 total hours of rsyncing) using ssh as a transport mechanism ( actually, I am running the dirvish backup wrapper, www.dirvish.org, around rsync). In all cases, I am pulling filesystems from a linux client to a linux backup

On 05/29/2018 03:38 PM, Martin Kletzander wrote: > On Fri, May 25, 2018 at 09:37:44AM -0500, Eric Blake wrote: >> On 05/25/2018 09:17 AM, Michal Privoznik wrote: >> >>>>> We should probably seed it with data from /dev/urandom, and/or the new >>>>> Linux getrandom() syscall (or BSD equivalent). >>> >>> I'm not quite sure that right

[NOTE: I'm new to this list and this is my first approach to OpenSSH code.] I've enhanced "--with-prngd-port=PORT" flag to accept an optional hostname as in "myhost:myport", e.g.: % ./configure --with-prngd-port=example.com:12345 Although I'm certain that this may cause big trouble if remote gatherer isn't online (ssh will refuse to open any connection) I

I did this as a project back in the early 2002, and I had a nice little how-to to walk me through it. Many work places and moves, and I've lost it. I have a friend who asked me about this recently, and I can't seem to find anything on the web, or the how-to I used (not surprised). If I remember correctly, you needed an up-to-date zlib, egd (or prng), OpenSSL, tcpwrappers, and OpenSSH.

http://bugzilla.mindrot.org/show_bug.cgi?id=968 Summary: OpenSSH 3.8p1 PRNG seed extraction failed error Product: Portable OpenSSH Version: 3.8p1 Platform: UltraSparc OS/Version: SunOS Status: NEW Severity: major Priority: P2 Component: scp AssignedTo: openssh-bugs at mindrot.org