Building OpenSSH 3.9p1 on Solaris 10
From: mikebo (google.20.m1k3b0_at_spamgourmet.com)
Date: 02/21/05
Date: 21 Feb 2005 13:01:19 -0800
I like Sun, but I don't trust them to maintain SSH properly and fix
bugs in a timely fashion. I especially do not like the Sun signature
that is given whenever someone connects to TCP port 22. Therefore, I
want to run OpenSSH 3.9p1 - the latest release. However, I have had
many problems building this package on Solaris 10 and have several
questions.
First, let me say that I would like to use Solaris' built-in
/dev/random and /dev/urandom devices instead of PRNGD or EGD. I also do
not want to use the OpenSSH built-in rand-helper routine. You might
think this is simple, but it is not.
I found I could not build OpenSSL or OpenSSH clean with the Sun
supplied gcc 3.4.3. I found there were many other comments on the Net
about problems building OpenSSL and OpenSSH with gcc 3.4.x. Therefore,
I downloaded and installed gcc 3.3.2 from sunfreeware.com.
Zlib was easy. I downloaded and installed the very latest version,
1.2.2. No problem.
OpenSSL seemed easy too. I downloaded and installed the very latest
version, 0.9.7e. No problem.
Building OpenSSH so that it uses the Sun built-in random devices has
been the big gotcha. When I simply run "./configure", the build cannot
find the OpenSSL installation, even though it is in the default
location: /usr/local/ssl. So, I ran "./configure
--with-ssl-dir=/usr/local/ssl". The output from "configure" warns:
    Random number source: ssh-rand-helper
    WARNING: you are using the builtin random number collection service.
    Please read WARNING.RNG and request that your OS vendor includes
    kernel-based random number collection in future versions of your OS.
Nevertheless, I build the code and it compiles and installs and starts
and works just fine. However, I am bothered that I'm using a less than
optimal source for randomness, so I attempt to re-configure OpenSSH to
use the Sun built-in random devices. I do "./configure
--with-ssl-dir=/usr/local/ssl --without-rand-helper". With this, I get
something that seems better:
    Random number source: OpenSSL internal ONLY
This seems better because I believe OpenSSL is supposed to get
randomness from the built-in random devices in the OS, provided they
are present (they are). Fine... the code builds and installs OK, but
will not run.
    Starting the ssh daemon
    PRNG is not seeded
Hmmm... I am stumped. Why is a PRNG running at all? Isn't OpenSSH
getting its randomness from OpenSSL which is getting its randomness
from /dev/urandom?
Could someone explain how to build OpenSSL and OpenSSH such that they
get their randomness from the Solaris 10 built-in random devices? Many
thanks!
- mikebo
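
One way to narrow down where seeding fails in a build like the one described in the post above, as an added example that is not part of the original message or of OpenSSH. The function names, the OPENSSL variable and the /usr/local/ssl/bin/openssl path are assumptions (the post gives only the /usr/local/ssl prefix), and a failing openssl_seeds is only a hint that this OpenSSL build cannot seed itself.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.

# Map the "Random number source:" line of configure's summary to a label.
# $1 = file holding the saved output of ./configure
rng_source() {
    line=$(sed -n '/Random number source:/p' "$1" | tail -1)
    case "$line" in
        *ssh-rand-helper*)         echo helper ;;
        *'OpenSSL internal ONLY'*) echo openssl ;;
        '')                        echo missing ;;
        *)                         echo unknown ;;
    esac
}

# Succeed only if $1 is a readable character device that returns 16 bytes.
# This proves the node works, not that its output is of good quality.
dev_ok() {
    [ -c "$1" ] && [ -r "$1" ] || return 1
    n=$(dd if="$1" bs=16 count=1 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq 16 ]
}

# Ask an openssl binary for random bytes with no seed file to fall back on.
# $1 = path to openssl; returns 2 if the binary is absent, non-zero on failure.
openssl_seeds() {
    [ -x "$1" ] || return 2
    RANDFILE=/nonexistent HOME=/nonexistent "$1" rand -base64 16 >/dev/null 2>&1
}

# Run all three checks when given a configure log: sh rngcheck.sh config.out
if [ -n "${1:-}" ]; then
    echo "configure chose: $(rng_source "$1")"
    for d in /dev/random /dev/urandom; do
        if dev_ok "$d"; then echo "$d: ok"; else echo "$d: NOT usable"; fi
    done
    # Assumed location of the openssl binary under the post's install prefix.
    if openssl_seeds "${OPENSSL:-/usr/local/ssl/bin/openssl}"; then
        echo "openssl: produced random bytes without a seed file"
    else
        echo "openssl: could not produce random bytes (or binary missing)"
    fi
fi
```

If the devices pass but openssl_seeds fails, the problem sits in the OpenSSL build rather than in OpenSSH's configure options.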