Re: PRNGD/Solaris 2.6/ssh 371p2
From: Lutz Jaenicke (Lutz.Jaenicke_at_aet.TU-Cottbus.DE)
Date: 10/22/03
- Previous message: David Howe: "Re: launching background processes using ssh"
- In reply to: Curt D McIntosh: "PRNGD/Solaris 2.6/ssh 371p2"
- Next in thread: Mak, Andrew: "RE: PRNGD/Solaris 2.6/ssh 371p2"
Date: Wed, 22 Oct 2003 22:05:13 +0200
To: secureshell@securityfocus.com

On Tue, Oct 21, 2003 at 06:00:16PM -0400, Curt D McIntosh wrote:
> On a Solaris 2.6 NIS Master, this is what I do using sunfreeware
> packages...
>
> As root:
> add /usr/local/bin, /usr/local/sbin and /usr/local/ssl/bin to my path.
> add /usr/local/ssl/lib to LD_LIBRARY_PATH and source profile.
>
> --> pkgadd -d openssh-3.7.1p2-sol26-sparc-local
> --> pkgadd -d openssl-0.9.7b-sol26-sparc-local
> --> pkgadd -d zlib-1.1.4-sol26-sparc-local
> --> pkgadd -d gcc-3.2.3-sol26-sparc-local
> --> pkgadd -d tcp_wrappers-7.6-sol26-sparc-local
> --> pkgadd -d prngd-0.9.25-sol26-sparc-local
> --> pkgadd -d egd-0.8-sol26-sparc-local
> --> pkgadd -d perl-5.8.0-sol26-sparc-local
>
> --> cat /var/adm/messages > /usr/local/etc/prngd/prngd-seed
> --> mkdir /var/spool/prngd
> --> /usr/local/sbin/prngd /var/spool/prngd/pool
> --> /usr/local/bin/egc.pl /var/spool/prngd/pool get
> I see this:
> 32800 bits of entropy in pool
>
> --> mkdir /var/empty
> --> chown root:sys /var/empty
> --> chmod 600 /var/empty
> --> groupadd sshd
> --> useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
> --> cd /var/yp
> --> make
>
> # ssh-keygen -t rsa1 -N ""
> PRNG is not seeded
>
> # ps -ef | grep prngd
> root 4031 228 0 14:41:09 pts/0 0:00 grep prngd
> root 3985 1 0 14:39:54 ? 0:00 /usr/local/sbin/prngd /var/spool/prngd/pool

I am not familiar with the Sun freeware packages. OpenSSL does query
prngd automatically, but only at other locations (e.g. /var/run/egd-pool).
If OpenSSL is not self-seeded, OpenSSH can query EGD/PRNGD itself if
instructed to do so. I did not follow recent changes to OpenSSH with
respect to seeding, so I don't know whether there might exist some problems,
since OpenSSL 0.9.7 takes care of this itself.

I would recommend that you use

    /usr/local/sbin/prngd /var/spool/prngd/pool /var/run/egd-pool

to establish an additional socket at the "well known" location.

Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
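
The mismatch described in the reply, as an added example that is not part of the original message and is not PRNGD or OpenSSL code: a Python check that sends the EGD protocol's 0x00 "entropy level" query to the socket prngd was started on and to the default paths OpenSSL probes, showing whether the library can reach a seeded pool. Only /var/run/egd-pool is named in the message; the other three paths are OpenSSL's remaining defaults, and the function names are hypothetical.

```python
import os
import socket
import stat
import struct
import sys

# /var/run/egd-pool is the location named in the reply; the other three are
# the remaining defaults OpenSSL 0.9.7 probes (DEVRANDOM_EGD in e_os.h).
OPENSSL_EGD_PATHS = ["/var/run/egd-pool", "/dev/egd-pool",
                     "/etc/egd-pool", "/etc/entropy"]


def egd_entropy_bits(path, timeout=2.0):
    """Return the entropy (in bits) an EGD/PRNGD socket reports, or None."""
    try:
        if not stat.S_ISSOCK(os.stat(path).st_mode):
            return None                 # exists, but is not a Unix socket
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(b"\x00")          # EGD command 0x00: query pool level
            reply = b""
            while len(reply) < 4:       # answer is a 4-byte big-endian count
                chunk = s.recv(4 - len(reply))
                if not chunk:
                    return None
                reply += chunk
            return struct.unpack(">I", reply)[0]
    except OSError:                     # missing path, refused, or timed out
        return None


def diagnose(daemon_sockets, probed=OPENSSL_EGD_PATHS):
    """Map each path to its reported bits; say if a probed path answers."""
    report = {p: egd_entropy_bits(p) for p in list(daemon_sockets) + list(probed)}
    visible = any(report[p] is not None for p in probed)
    return report, visible


if __name__ == "__main__":
    # Default argument is the socket path used in the quoted message.
    report, visible = diagnose(sys.argv[1:] or ["/var/spool/prngd/pool"])
    for path, bits in report.items():
        status = "no EGD socket" if bits is None else f"{bits} bits"
        print(f"{path}: {status}")
    print("OpenSSL default probe will", "succeed" if visible else "find nothing")
```

A pool that answers on /var/spool/prngd/pool while every probed path reports no socket matches the "PRNG is not seeded" symptom in the quoted session.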