Summary: Proving OpenSSH 3.4p1 is using /dev/urandom (Solaris 9 ossh Vs OpenBSD ossh)

From: Surinder S. Dio (S.S.Dio@gre.ac.uk)
Date: 07/23/02 

Date: Tue, 23 Jul 2002 17:17:50 +0100
From: "Surinder S. Dio" <S.S.Dio@gre.ac.uk>
To: focus-sun@securityfocus.com

Firstly,

many thanks to all the people who replied on the list and privately
- too many to mention all of them - but some good suggestions.

On Sun, Jul 21, 2002 at 04:59:55PM +0100, Surinder S. Dio wrote:

[snip a large portion of my original posting]

> Could someone point how I can guarantee that /dev/urandom is being
> used and how the Sun version managed to use it. Am I missing a
> compile/configure option?

There were various suggestions; but the most popular seemed to be to
run strings against the binary and to run truss (why I originally
forgot to run truss I don't know - I do normally - DOH!) against the
OpenSSH daemon (ossh) and that should indicate the use of
/dev/urandom.

Here's a run down of my findings (sorry a bit long) - if you want
the short answer then it's "yes OpenSSH 3.4p1 does seem to be using
/dev/urandom - by way of OpenSSL)."

The longer findings ....

I killed off all running sshd's and connected to my test sb100 via it's
serial port.

Started off my compiled version of ossh as follows:

truss -f -o /tmp/sshd-truss /export/pkg/ossh-2/sbin/sshd

grep random /tmp/sshd-truss

552: open("/dev/urandom", O_RDONLY) = 3

PID 552 is sshd. So this seems to confirm that it is accessed when
starting up ossh.

Also checked strings against the ossh binary:

# strings /export/pkg/ossh-2/sbin/sshd | grep -i random
th@(#)$Id: bsd-arc4random.c,v 1.5 2002/05/08 22:57:18 tim Exp $
Couldn't obtain random bytes (error %ld)
random number generator
id-cmc-popLinkRandom
/dev/urandom

Again there is a reference to it.

So the implication is that it is being used.

An explantion of why I wasn't seeing OpenSSH 3.4p1 accessing
/dev/urandom with lsof, whereas the Sun SSH version did came from
Mike Delaney:

"I suspect that since OpenSSH now uses the entropy collection
routines in the openssl library, /dev/urandom is only being opened
when needed rather than being left open all the time. Trussing an
invocation of the OpenSSH 3.4p1 client seems to confirm this -- it
opens /dev/urandom, then shortly thereafter closes the file
descriptor.

Since SUNWssh was derived from one of the older OpenSSH releases,
it's most likely still using the older behavior."

Backed up by Andew Caines:

"The random device is not help open continually. Verify your ssh(d) is
using it by running it under truss(1)"

Another option was from David Foster to run ossh with debug enabled.
I didnt test this - but I will.

Various ppl suggested installing OpenSSH with configure options such
as --without-rand-helper --without-prngd.

I didn't try this as the truss and strings output seemed like a fair
assumption that /dev/urandom was in use.

For the record here are the configure options I used while testing ...

For OpenSSL -
./Configure --prefix=/export/pkg/openssl-0.9.6d \
                  solaris-sparcv8-gcc
                      
For OpenSSH -
./configure --prefix=/export/pkg/ossh-2 \
--with-ssl-dir=/export/pkg/openssl-0.9.6d \
--with-zlib \
--with-tcp-wrappers \
--with-pam

Once again many thanks to all who replied and I think it's all clear
now. Now to roll out an upgrade to 3.4p1 across 100's of boxes!

Rgds
Surinder