[Bug 1781] New: Document how to use Solaris 10 /dev/random

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Jun 15 05:48:28 EST 2010 

https://bugzilla.mindrot.org/show_bug.cgi?id=1781

           Summary: Document how to use Solaris 10 /dev/random
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: pepper at reppep.com


http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/INSTALL says:

--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
support and to specify a PRNGd socket. Use this if your Unix lacks
/dev/random and you don't want to use OpenSSH's builtin entropy
collection support.

--with-prngd-port=portnum allows you to enable EGD or PRNGD support
and to specify a EGD localhost TCP port. Use this if your Unix lacks
/dev/random and you don't want to use OpenSSH's builtin entropy
collection support.


I hoped that the configure script would automatically use /dev/random,
but apparently not -- it says "Random number source: OpenSSL internal
ONLY".

root at thor:/# uname -a
SunOS thor 5.10 Generic_142901-08 i86pc i386 i86pc
root at thor:/# ls -l /dev/random /devices/pseudo/random at 0:random
lrwxrwxrwx   1 root     root          33 Oct 21  2009 /dev/random ->
../devices/pseudo/random at 0:random
crw-r--r--   1 root     sys      149,  0 Jun 10 11:27
/devices/pseudo/random at 0:random


I see configure arguments for a subprocess or PRNGd, but nothing
obvious to point at /dev/random (a character device). Should I just use
"--with-prngd-socket=/dev/random"? 

pepper at thor:~/cvs/openssh$ ./configure --help|egrep -i '(rand|prng)'
  --with-rand-helper      Use subprocess to gather strong randomness
  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP
localhost:PORT
  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE
(default=/var/run/egd-pool)


Perhaps the Solaris heading in README.platform should include a
suggestion?

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list