Re: EGD and PRNGD

From: Joseph Kattner (joe_at_zosan.com)
Date: 05/08/03

  • Next message: Tech: "Re: sftp and passwords"
    Date: Thu, 08 May 2003 13:49:30 -0400
    To: secureshell@securityfocus.com, Debra.Talley@VerizonWireless.com
    
    

    Debra,

    Sun also provides a patch to provide /dev/random on older (8 and lower)
    distributions, SUNWski. Have used this in the past with no problem. Sun has
    a blueprint that you may want to read titled 'Building OpenSSH Tools and
    Tradeoffs' that provides a good explanation of installing OpenSSH onto
    Solaris, and the tools/options to consider when completing an installation.

    http://www.sun.com/solutions/blueprints/0103/817-1307.pdf

    --Joe

    At 10:28 AM 5/8/2003 +0200, Max Gregis wrote:
    >Hi Debra,
    >
    >First of all, if you want to use PRNGD, EGD is OPTIONAL end NOT mandatory
    >on SOlaris 2.6
    >
    >for compiling EGD you have to do:
    >
    >Take your source files and decompress them
    >
    >gzcat egd-0.8.tar.gz | tar xf -
    >
    >Now, go into EGD dir and:
    >
    >perl Makefile.PL
    >make
    >make test
    >make install
    >
    >
    >
    >
    ># mkdir -p /opt/prngd/bin
    ># mkdir -p /opt/prngd/etc
    >
    ># gzcat prngd-0.9.25.tar.gz | tar xf -
    ># cd prngd-0.9.25
    >
    ># cp -p contrib/Solaris-2.6/prngd.conf.solaris-26 /etc/prngd.conf
    >
    >
    >vi Makefile
    >
    >Find and Set this variable:
    >
    >DEFS=-DRANDSAVENAME=\"/opt/prngd/etc/prngd-seed\"
    >-DCONFIGFILE=\"/etc/prngd.conf\"
    >
    >
    >
    >Compile PRNGD with these options:
    >
    ># make CC=gcc CFLAGS="-O3 DSOLARIS" SYSLIBS="-lsocket -lnsl"
    >
    >If those options don't run, use these:
    >
    ># make CC=gcc SYSLIBS="-lsocket -lnsl"
    >
    >Now proceed to PRNGD configuration as follows:
    >
    >
    ># cp -p prngd /opt/prngd/bin
    >
    >
    ># cat /var/log/syslog > /opt/prngd/etc/prngd-seed
    >
    >
    >
    ># mkdir /var/spool/prngd
    >
    >Now execute PRNGD daemon as follows:
    >
    ># /opt/prngd/bin/prngd /var/spool/prngd/pool
    >
    >
    >you can create PRNGD startup script:
    >
    ># cd /etc/init.d
    ># vi prngd
    >
    >
    >
    >#!/bin/sh
    >
    >pid=`/usr/bin/ps -e | /usr/bin/grep prngd | /usr/bin/sed -e 's/^ *//' -e
    >'s/ .*//'`
    >case $1 in
    >'start')
    > /opt/prngd/bin/prngd /var/spool/prngd/pool
    > ;;
    >'stop')
    > if [ "${pid}" != "" ]
    > then
    > /usr/bin/kill ${pid}
    > fi
    > ;;
    >*)
    > echo "usage: /etc/init.d/prngd {start|stop}"
    > ;;
    >esac
    >
    >Now, create links:
    >
    ># ln -s /etc/init.d/prngd /etc/rc0.d/K30prngd
    ># ln -s /etc/init.d/prngd /etc/rc1.d/K30prngd
    ># ln -s /etc/init.d/prngd /etc/rc2.d/S20prngd
    ># ln -s /etc/init.d/prngd /etc/rcS.d/K30prngd
    >
    >
    >You can verify prngd functionality with EGD PRNGD:
    >
    ># /usr/local/bin/egc.pl /var/spool/prngd/pool get
    > 10211 bits of entropy in pool
    >
    >
    >
    >
    >
    >
    >
    >
    >Wednesday, May 07, 2003, 6:41:25 AM, you wrote:
    >
    >DTVc> I'm running Solaris 2.6 on a Unix Platform. I've loaded
    >openssh3.5p1 and
    >DTVc> load PRNGD. What I need some info on is, if I'm running with PRNGD do I
    >DTVc> still need EGD? and if so I having problems running the 'make'
    >command when
    >DTVc> trying to configure EGD. The following is the input from the command
    >
    >DTVc> gcc -c -fno-strict-aliasing -I/usr/local/include
    >DTVc> -D_LARGEFILE_SOURCE -D_FILE_Oc
    >DTVc> cc1: Invalid option `-fno-strict-aliasing'
    >DTVc> *** Error code 1
    >DTVc> make: Fatal error: Command failed for target `SHA1.o'
    >DTVc> Current working directory /opt/egd-0.9/Digest-SHA1-2.00
    >DTVc> *** Error code 1
    >DTVc> make: Fatal error: Command failed for target `subdirs'
    >
    >
    >DTVc> I want to redirect the default install directory from '/usr/local' to
    >DTVc> '/opt'. Any help would be appreciated.
    >
    >DTVc> Thanks
    >DTVc> DebraT


  • Next message: Tech: "Re: sftp and passwords"

    Relevant Pages

    • Re: EGD and PRNGD
      ... First of all, if you want to use PRNGD, EGD is OPTIONAL end NOT mandatory on SOlaris 2.6 ... DTVc> I'm running Solaris 2.6 on a Unix Platform. ... DTVc> *** Error code 1 ...
      (SSH)
    • Re: PRNGD and ssh-rand-helper
      ... In article, Chad Johnson wrote: ... >> (the former coming with egd, the latter coming with prngd). ... The rate value is the fraction of entropy you estimate to be in the output ...
      (comp.security.ssh)
    • Re: Problems with Openssh and PRNGD/EGD
      ... In the PRNGD README ... Man, they suck. ... Did I have to have EGD ... I tried installing EGD first but still no egd-pool ...
      (comp.security.ssh)
    • Re: newby - installing openssh 3.6.1p2 on solaris 8
      ... Darren Dunham wrote: ... > mention egd and prngd and lots of stuff like that. ... < This line left intentionally blank to confuse you. ...
      (comp.security.ssh)