Re: prngd and AIX 5.3
From: Darren Tucker (dtucker_at_zip.com.au)
Date: Fri, 03 Jun 2005 10:17:05 +1000 To: Kaysee Long <email@example.com>
Kaysee Long wrote:
> I have a person asking me if prngd is needed for openssh on aix 5.3, we
> have always had prngd but I was wondering if anyone knew if this was true
> or not and if it is do i compile openssh without prngd in it? His
> complaint is prngd is taking too much cpu....Kaysee
You don't need prngd on AIX 5.2 as it has a real kernel-based random
number generator. I believe this is the same for 5.3 too although I've
not seen it.
You shouldn't need to do anything special to compile OpenSSH without
prngd, other than, well, not installing prngd before building OpenSSH.
Most modern OpenSSLs will search for a random device first, so it is
likely that you will not even need to recompile, but simply shut down
prngd. (Ensure you have suffifient access to restart it if I'm wrong,
I have seen a couple of reports of AIX machines having incorrect device
specials for the random device nodes. The common thread seems to be
that they were upgrades not new installs.
One of those threads is here:
-- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.