OpenSSH and Irix?

Lars Kellogg-Stedman lars at larsshack.org
Sat Apr 22 01:23:41 EST 2000


I'd like to install openssh across an Irix cluster where I work, but its
dependency on an "entropy pool" like /dev/urandom is making this
problematic -- especially because EGD has issues with Irix that making it
largely unusable.

Obviously, the original ssh relied on its own random number
generator.  While this may not have provided the same degree of randomness
that is provided by the openssh implementation, it had the advantage of
being completely self contained.

Is there any reason why this can't be added to openssh as an
option?  Something like --enable-cheap-random-numbers-with-lower-security,
or something like that.  This would provide at least the same level as
security as ssh 1.2.27 (and would actually work, whereas at the moment
I've got sshd turned off because of the EGD problems).

Any thoughts?  I don't have much crypto programming experience, so I've
implemented a cheap hack using random/initstate and friends which seems to
work, but I'd prefer to see a more "official" solution.

Incidentally, the configure script asks for reports on Irix 6.x
experience.  Once the random number problem is out of the way, openssh
appears to work just fine.

Thanks,

-- Lars

-- 
Lars Kellogg-Stedman <lars at larsshack.org> --> http://www.larsshack.org/






More information about the openssh-unix-dev mailing list