Re: Open SSH v3.6.1p1

From: Max Gregis (mgregis@sorint.it)
Date: 04/15/03

    Date: Tue, 15 Apr 2003 09:44:36 +0200
    From: Max Gregis <mgregis@sorint.it>
    To: Alan Vidmar <Alan.Vidmar@Colorado.edu>
    
    

    Hi Alan,

    On my old Solaris 2.6 I used this compile option for using prngd:

    --with-prngd-socket=/some/file allows you to enable EGD or PRNGD
    support and to specify a PRNGd socket. Use this if your Unix lacks
    /dev/random and you don't want to use OpenSSH's builtin entropy
    collection support.

    After I compiled PRNGD I made these steps:

    # cp -p prngd /usr/local/bin
    # mkdir /usr/local/etc
    # mkdir /usr/local/etc/prngd
    # cat /var/log/syslog > /usr/local/etc/prngd/prngd-seed
    # cp -p prngd-0.9.25/contrib/Solaris-7/prngd.conf.solaris-7 /etc/prngd.conf

    # mkdir /var/spool/prngd

    Start PRNGD daemon as follows:

    # /usr/local/bin/prngd /var/spool/prngd/pool

    During the OpenSSH configure phase I used this option:

    --with-prngd-socket=/var/spool/prngd/pool

    The last configure messages should be something like this:

    .
    .
    .
               Translate v4 in v6 hack: no
                      BSD Auth support: no
                  Random number source: ssh-rand-helper
         ssh-rand-helper collects from: Unix domain socket "/var/spool/prngd/pool"

    and you can do:

    make
    make install

    Hope this helps you

    Max

    Monday, April 14, 2003, 9:55:43 PM, you wrote:

    AV> Hi All,

    AV> I'm trying to get Open SSH v3.6.1p1 to install on one of my AIX
    AV> 5.1.003 boxes.

    AV> I'm following the IBM tutorial: Deploying OpenSSH on AIX
    AV> http://www-1.ibm.com/servers/esdd/tutorials/aix_ssh/index.html

    AV> But of course using the most recent version of OpenSSL (0.9.7b)
    AV> and OpenSSH (3.6.1p1) due to the security problems with prior
    AV> versions. Also I'm using GCC v3.2.1 and PRNGD v0.9.27.

    AV> I've run into a snag when setting up the compiler for OpenSSH. I
    AV> cannot get the compiler options to use the PRNGD (Pseudo
    AV> Random Number Generator Daemon) instead of the OpenSSL
    AV> internal for the "Random number source".

    AV> Here is my config line: "./configure --sysconfdir=/etc/ssh --with-
    AV> prngd-socket=/dev/egd-pool -- with-pid-dir=/var/tmp"

    AV> I do have PRNGD running, so I'm not sure why it won't select it
    AV> correctly.

    AV> Any ideas?

    AV> TIA,
    AV> Alan

    AV> "I don't have time to be impatient."
    AV> Alan R. Vidmar Assistant Director of IT
    AV> Office of Financial Aid University of Colorado
    AV> Alan.Vidmar@Colorado.EDU (303)492-3598
    AV> *** This message printed with 100% recycled electrons ***
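
Added example (not part of the original message, nor OpenSSH or PRNGD code): a probe that speaks the EGD protocol, which PRNGD implements, to the socket path given to --with-prngd-socket, so you can confirm the daemon answers at that exact path before running configure. The function names and the default path (taken from the reply above) are assumptions of this example.

```python
import socket
import struct


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("socket closed before full reply")
        buf += chunk
    return buf


def probe_egd(path, want=16, timeout=5.0):
    """Return (entropy_bits_available, random_bytes) from an EGD/PRNGD socket."""
    if not 0 < want <= 255:
        raise ValueError("EGD requests are limited to 1..255 bytes")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        # Command 0x00: query pool level; reply is a 4-byte big-endian bit count.
        s.sendall(b"\x00")
        (bits,) = struct.unpack(">I", _recv_exact(s, 4))
        # Command 0x01 <n>: non-blocking read; reply is <count>, then count bytes.
        s.sendall(bytes([0x01, want]))
        count = _recv_exact(s, 1)[0]
        data = _recv_exact(s, count) if count else b""
    return bits, data


if __name__ == "__main__":
    import sys

    # Default is the socket path used in the reply above; pass another as argv[1].
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/prngd/pool"
    try:
        bits, data = probe_egd(path)
    except OSError as exc:
        sys.exit(f"{path}: not a usable EGD/PRNGD socket ({exc})")
    print(f"{path}: {bits} bits in pool, read {len(data)} bytes")
```

A connection error or timeout here means the path does not point at a live daemon socket, which is worth ruling out before looking at the configure options themselves.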

