Re: Open SSH v3.6.1p1

From: snake (paranormal@goatrance.com)
Date: 04/22/03

    Date: 22 Apr 2003 07:43:04 -0000
    From: snake <paranormal@goatrance.com>
    To: secureshell@securityfocus.com
    
    
    In-Reply-To: <3E9ABDDF.13403.FD01C96@localhost>

    Hello,

    I think it was from 0.9.7 of OpenSSL that PRNGD will be found internally
    by default. When you configure OpenSSH it will say:
    Random number source: OpenSSL internal ONLY
    even though you specified an external source. OpenSSL will find PRNGD in its
    default locations (which I'm not sure where they are atm).

    I've put the PRNGD socket in:
    SOCKETDIR=/var/run
    SOCKET=$SOCKETDIR/egd-pool

    which is a default location that works with OpenSSL on Solaris.

    Correct me if I'm wrong, but I think that's the problem.

    Hope it works!

    >From: "Alan Vidmar" <Alan.Vidmar@Colorado.edu>
    >To: secureshell@securityfocus.com
    >Date: Mon, 14 Apr 2003 13:55:43 -0600
    >Subject: Open SSH v3.6.1p1
    >Message-ID: <3E9ABDDF.13403.FD01C96@localhost>
    >
    >Hi All,
    >
    >I'm trying to get Open SSH v3.6.1p1 to install on one of my AIX
    >5.1.003 boxes.
    >
    >I'm following the IBM tutorial: Deploying OpenSSH on AIX
    >http://www-1.ibm.com/servers/esdd/tutorials/aix_ssh/index.html
    >
    >But of course using the most recent version of OpenSSL (0.9.7b)
    >and OpenSSH (3.6.1p1) due to the security problems with prior
    >versions. Also I'm using GCC v3.2.1 and PRNGD v0.9.27.
    >
    >I've run into a snag when setting up the compiler for OpenSSH. I
    >cannot get the compiler options to use the PRNGD (Pseudo
    >Random Number Generator Daemon) instead of the OpenSSL
    >internal for the "Random number source".
    >
    >Here is my config line:
    >"./configure --sysconfdir=/etc/ssh --with-prngd-socket=/dev/egd-pool -- with-pid-dir=/var/tmp"
    >
    >I do have PRNGD running, so I'm not sure why it won't select it
    >correctly.
    >
    >Any ideas?
    >
    >TIA,
    >Alan
    >
    >"I don't have time to be impatient."
    >Alan R. Vidmar Assistant Director of IT
    >Office of Financial Aid University of Colorado
    >Alan.Vidmar@Colorado.EDU (303)492-3598
    >*** This message printed with 100% recycled electrons ***
    >
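
Added example (not part of either message in this thread): a small Python probe that checks which EGD-style socket path actually has PRNGD answering, using the EGD protocol's entropy-level (0x00) and non-blocking read (0x01) commands. The path list is an assumption reproduced from the `DEVRANDOM_EGD` definition in OpenSSL 0.9.7's `e_os.h`; the function names are illustrative.

```python
import os
import socket
import stat
import struct

# Assumption: default EGD socket paths from OpenSSL 0.9.7's e_os.h (DEVRANDOM_EGD).
# Check the header in your own source tree before relying on this list.
OPENSSL_EGD_DEFAULTS = ("/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy")


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the daemon hangs up first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD peer closed the connection early")
        buf += chunk
    return buf


def probe_egd(path, want=16, timeout=2.0):
    """Return (entropy_bits, random_bytes) from an EGD/PRNGD socket, else None (want: 1..255)."""
    try:
        if not stat.S_ISSOCK(os.stat(path).st_mode):
            return None  # a regular file or directory at this path is not a daemon
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(b"\x00")                      # command 0: report entropy level
            bits = struct.unpack(">I", _recv_exact(s, 4))[0]
            s.sendall(bytes([0x01, want]))          # command 1: non-blocking read
            got = _recv_exact(s, 1)[0]              # daemon states how many bytes follow
            return bits, _recv_exact(s, got)
    except OSError:                                 # missing path, refused, timeout, early close
        return None


def find_live_egd(paths=OPENSSL_EGD_DEFAULTS):
    """First path with a responding daemon as (path, entropy_bits, bytes_read), else None."""
    for p in paths:
        r = probe_egd(p)
        if r is not None:
            return p, r[0], len(r[1])
    return None


if __name__ == "__main__":
    print(find_live_egd() or "no EGD/PRNGD daemon answering on the default paths")
```

A path that exists but returns `None` usually means a stale socket file left behind by a daemon that is no longer running.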

