[Bug 1781] New: Document how to use Solaris 10 /dev/random
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Jun 15 05:48:28 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1781
Summary: Document how to use Solaris 10 /dev/random
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: pepper at reppep.com
http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/INSTALL says:
--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
support and to specify a PRNGd socket. Use this if your Unix lacks
/dev/random and you don't want to use OpenSSH's builtin entropy
collection support.
--with-prngd-port=portnum allows you to enable EGD or PRNGD support
and to specify a EGD localhost TCP port. Use this if your Unix lacks
/dev/random and you don't want to use OpenSSH's builtin entropy
collection support.
I hoped that the configure script would automatically use /dev/random,
but apparently not -- it says "Random number source: OpenSSL internal
ONLY".
root at thor:/# uname -a
SunOS thor 5.10 Generic_142901-08 i86pc i386 i86pc
root at thor:/# ls -l /dev/random /devices/pseudo/random at 0:random
lrwxrwxrwx 1 root root 33 Oct 21 2009 /dev/random ->
../devices/pseudo/random at 0:random
crw-r--r-- 1 root sys 149, 0 Jun 10 11:27
/devices/pseudo/random at 0:random
I see configure arguments for a subprocess or PRNGd, but nothing
obvious to point at /dev/random (a character device). Should I just use
"--with-prngd-socket=/dev/random"?
pepper at thor:~/cvs/openssh$ ./configure --help|egrep -i '(rand|prng)'
--with-rand-helper Use subprocess to gather strong randomness
--with-prngd-port=PORT read entropy from PRNGD/EGD TCP
localhost:PORT
--with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE
(default=/var/run/egd-pool)
Perhaps the Solaris heading in README.platform should include a
suggestion?
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list