Re: prngd and AIX 5.3

From: Darren Tucker (dtucker_at_zip.com.au)
Date: 06/03/05

    Date: Fri, 03 Jun 2005 10:17:05 +1000
    To: Kaysee Long <kaysee@us.ibm.com>
    
    

    Kaysee Long wrote:
    > I have a person asking me if prngd is needed for openssh on aix 5.3, we
    > have always had prngd but I was wondering if anyone knew if this was true
    > or not and if it is do i compile openssh without prngd in it? His
    > complaint is prngd is taking too much cpu....Kaysee

    You don't need prngd on AIX 5.2 as it has a real kernel-based random
    number generator. I believe this is the same for 5.3 too although I've
    not seen it.

    You shouldn't need to do anything special to compile OpenSSH without
    prngd, other than, well, not installing prngd before building OpenSSH.
    Most modern OpenSSLs will search for a random device first, so it is
    likely that you will not even need to recompile, but simply shut down
    prngd. (Ensure you have sufficient access to restart it if I'm wrong,
    obviously.)

    I have seen a couple of reports of AIX machines having incorrect device
    specials for the random device nodes. The common thread seems to be
    that they were upgrades not new installs.

    One of those threads is here:
    http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=111399373520017

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
         Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
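
A sanity check for the device-node problem mentioned in the message above, to run before shutting prngd down. This is an added example, not part of Darren Tucker's message: the function names, return codes and 32-byte sample size are choices made here, and it assumes only POSIX sh, dd, od and tr.

```shell
#!/bin/sh
# Added example: check that a random device node really behaves like one.
# A node with wrong device specials may point at a different driver, so we
# test the node type and also what a read actually returns.
# Return codes (chosen for this example):
#   0 ok, 1 not a readable character device,
#   2 short or empty read, 3 two reads returned identical bytes.

read_hex() {
    # Read 32 bytes from $1 and print them as 64 hex characters.
    # -v stops od from collapsing repeated output lines into "*".
    dd if="$1" bs=32 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \t\n'
}

check_random_dev() {
    dev=$1
    # A regular file, directory or missing node fails here.
    [ -c "$dev" ] && [ -r "$dev" ] || return 1
    a=$(read_hex "$dev")
    b=$(read_hex "$dev")
    # A node mapped to something like a null device returns no data.
    [ "${#a}" -eq 64 ] && [ "${#b}" -eq 64 ] || return 2
    # A node mapped to a constant source returns the same bytes twice.
    [ "$a" != "$b" ] || return 3
    return 0
}

# When given device paths as arguments, report on each one.
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        rc=0
        check_random_dev "$d" || rc=$?
        case $rc in
            0) echo "$d: ok" ;;
            1) echo "$d: not a readable character device" ;;
            2) echo "$d: short or empty read" ;;
            3) echo "$d: output repeats, not a random source" ;;
        esac
    done
fi
```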
    
