Re: OpenSSH, PRNGd, and ssh-rand-helper

From: Lutz Jaenicke (jaenicke@iee.TU-Berlin.DE)
Date: 01/05/03


From: Lutz Jaenicke <jaenicke@iee.TU-Berlin.DE>
Date: 5 Jan 2003 17:34:48 GMT

In article <9d0b79b2.0301021531.64303618@posting.google.com>, Robert Reiter wrote:
> In case of building/installing OpenSSH release 3.5p1 on a UNIX
> machine/operating system that lacks any kernel-based random device
> (e.g., /dev/random, /dev/urandom) but does have Lutz Janicke's Pseudo
> Random Number Generator Daemon (PRNGD) installed and running (e.g., on
> the UNIX socket /var/run/egd-pool), what is the role and purpose of
> OpenSSH's ssh-rand-helper program?

If you have the choice: update to OpenSSL 0.9.7. It will automatically
query EGD like processes at predefined locations (one of which is
/var/run/egd-pool). If OpenSSH is recompiled, it will recognize that
OpenSSL is obtaining the seed itself.

Best regards,
        Lutz



Relevant Pages

  • Re: prngd usage on OpenSsh4.3p2
    ... AIX 5.1 and I am trying to build it with prngd ... At OpenSSH build time, if the RNG isn't self-seeded configure automatically builds "ssh-rand-helper", which is an external process that runs around collecting entropy from various sources, mashing them together and returning the result to whichever process ran it. ...
    (SSH)
  • RE: prngd usage on OpenSsh4.3p2
    ... my company is switching over to ssh and we have an old RS6000 ... Subject: prngd usage on OpenSsh4.3p2 ... OpenSSL itself checks if there's a decent entropy source on your system ... At OpenSSH build time, if the RNG isn't self-seeded configure ...
    (SSH)
  • Re: prngd and AIX 5.3
    ... > I have a person asking me if prngd is needed for openssh on aix 5.3, ... > have always had prngd but I was wondering if anyone knew if this was true ... You don't need prngd on AIX 5.2 as it has a real kernel-based random ... Most modern OpenSSLs will search for a random device first, ...
    (SSH)
  • Re: OpenSSh on OpenServer
    ... Subject: OpenSSh on OpenServer ... Couldn't connect to PRNGD socket ... * the prngd start script uses a pid file but doesn't handle it sanely and so ... the lockfile exists, and refuses to stop (or do other stop related actions ...
    (comp.unix.sco.misc)
  • Re: Open SSH v3.6.1p1
    ... On my old Solaris 2.6 i used this complie option for using prngd: ... support and to specify a PRNGd socket. ... AV> I'm following the IBM tutorial:Deploying OpenSSH on AIX ...
    (SSH)