slightly overzealous RNG seeding?

Irving Popovetsky irving at samurai.sfo.dead-dog.com
Thu Aug 31 12:41:51 EST 2000


Hello again,

I was testing today's SNAP (openssh-SNAP-20000830.tar.gz) in my
Solaris 2.6-8 environment, when I found some problems with the ssh2
support.

While connecting, it seeds the RNG something like 32 times! And then
once connected, it seeds again 2 or 3 times with *every* keystroke! This
makes for some slow going. This happens on all of the Solaris boxes I
tried. Binary was compiled on 2.6 against OpenSSL 0.9.5a.

Output follows:

6:19pm.orangecrush: ~# ssh -2 -v qabigip1
SSH Version OpenSSH_2.1.1p5, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to qabigip1 [10.23.1.2] port 22.
debug: Command 'ipcs -a' timed out
debug: Seeded RNG with 35 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 1021.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version 2.0.12 F-SECURE SSH
datafellows: 2.0.12 F-SECURE SSH
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.1.1p5
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Command 'ipcs -a' timed out
debug: Seeded RNG with 35 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,cast128-cbc,blowfish-cbc,twofish-cbc,arcfour,none
debug: got kexinit: 3des-cbc,cast128-cbc,blowfish-cbc,twofish-cbc,arcfour,none
debug: got kexinit: hmac-md5,md5-8,none
debug: got kexinit: hmac-md5,md5-8,none
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit: 
debug: got kexinit: 
debug: first kex follow: 0 
debug: reserved: 0 
debug: done
debug: kex: server->client blowfish-cbc hmac-md5 none
debug: kex: client->server blowfish-cbc hmac-md5 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 522/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host 'qabigip1' is known and matches the DSA host key.
debug: bits set: 507/1024
debug: len 40 datafellows 15
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: Command 'ipcs -a' timed out
debug: Seeded RNG with 35 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: buggy server: service_accept w/o service
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: authentications that can continue: publickey,password
debug: key does not exist: //.ssh/id_dsa
root at qabigip1's password:
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: ssh-userauth2 successfull
debug: no set_nonblock for tty fd 7
debug: no set_nonblock for tty fd 8
debug: no set_nonblock for tty fd 9
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Command 'ipcs -a' timed out
debug: Seeded RNG with 35 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Entering interactive session.
debug: callback start
debug: client_init id 0 arg 0
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Requesting X11 forwarding with authentication spoofing.
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: channel request 0: shell
debug: client_set_session_ident: id 0
debug: callback done
debug: channel 0: open confirm rwindow 10000 rmax 4096
Last login: Wed Aug 30 21:04:04 2000 from orangecrush

<snip>

No mail.
Terminal type? [xterm] debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Command 'ipcs -a' timed out
debug: Seeded RNG with 35 bytes from programs
debug: Seeded RNG with 3 bytes from system calls

Terminal type is xterm.
qabigip1:~# debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls

qabigip1:~# debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
testdebug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls



That can't be right. Or am I doing something wrong?

Gratefully,

-Irving
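
One way to quantify the reseeding shown in the output above, as an added example that is not part of the original post or of OpenSSH: a small parser that counts reseeds, seed bytes and collector command timeouts per session phase. The phase names and the SAMPLE excerpt are assumptions constructed for illustration; the message formats are the ones in the quoted output.

```python
import re
from collections import Counter

SEED = re.compile(r"debug: Seeded RNG with (\d+) bytes from (programs|system calls)")
TIMEOUT = re.compile(r"debug: Command '([^']+)' timed out")
# Phase boundaries, taken from debug messages in the output above.
MARKERS = {"debug: Connection established.": "handshake",
           "debug: Entering interactive session.": "interactive"}

def summarize(log_text):
    """Count RNG reseeds, seed bytes and collector timeouts per session phase."""
    phase = "connect"
    stats = {p: {"reseeds": 0, "bytes": 0, "timeouts": Counter()}
             for p in ["connect", *MARKERS.values()]}
    for line in log_text.splitlines():
        for marker, name in MARKERS.items():
            if marker in line:
                phase = name
        # search(), not match(): debug lines follow prompts and echoed keystrokes.
        m = SEED.search(line)
        if m:
            stats[phase]["bytes"] += int(m.group(1))
            if m.group(2) == "programs":  # each reseed starts with a programs line
                stats[phase]["reseeds"] += 1
        t = TIMEOUT.search(line)
        if t:
            stats[phase]["timeouts"][t.group(1)] += 1
    return stats

# Constructed sample in the format of the output quoted above.
SAMPLE = """\
debug: Command 'ipcs -a' timed out
debug: Seeded RNG with 35 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Connection established.
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Entering interactive session.
qabigip1:~# debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
testdebug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
"""

if __name__ == "__main__":
    for phase, s in summarize(SAMPLE).items():
        print(f"{phase}: {s['reseeds']} reseeds, {s['bytes']} bytes, {dict(s['timeouts'])}")
```

Feeding it the captured stderr of `ssh -2 -v` gives per-phase counts that can be compared across builds or hosts.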





More information about the openssh-unix-dev mailing list