Re: prngd and AIX 5.3

From: Darren Tucker (dtucker_at_zip.com.au)
Date: 06/03/05

  • Next message: Scott Haneda: "Working out a OS X 10.4 Tiger ssh implementation issue, slow logins"
    Date: Fri, 03 Jun 2005 10:17:05 +1000
    To: Kaysee Long <kaysee@us.ibm.com>
    
    

    Kaysee Long wrote:
    > I have a person asking me if prngd is needed for openssh on aix 5.3, we
    > have always had prngd but I was wondering if anyone knew if this was true
    > or not and if it is do i compile openssh without prngd in it? His
    > complaint is prngd is taking too much cpu....Kaysee

    You don't need prngd on AIX 5.2 as it has a real kernel-based random
    number generator. I believe this is the same for 5.3 too although I've
    not seen it.

    You shouldn't need to do anything special to compile OpenSSH without
    prngd, other than, well, not installing prngd before building OpenSSH.
    Most modern OpenSSLs will search for a random device first, so it is
    likely that you will not even need to recompile, but simply shut down
    prngd. (Ensure you have suffifient access to restart it if I'm wrong,
    obviously.)

    I have seen a couple of reports of AIX machines having incorrect device
    specials for the random device nodes. The common thread seems to be
    that they were upgrades not new installs.

    One of those threads is here:
    http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=111399373520017

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
         Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
    

  • Next message: Scott Haneda: "Working out a OS X 10.4 Tiger ssh implementation issue, slow logins"