EGD requirement a show stopper for me

Andrew Stribblehill a.d.stribblehill at durham.ac.uk
Mon Jan 31 21:08:08 EST 2000


Quoting Andre Lucas <andre.lucas at dial.pipex.com>:
> 
> > All the same, this still leaves us with the same problem, namely
> > that of needing to have a daemon around all the time.
> 
> We already have a daemon around all the time, sshd. There's no reason
> why the entropy hooks and the yarrow code should be outside that.
> 
> FWIW I'm not saying there's anything wrong with a standalone PRNG daemon
> - I actually think that would be a good thing, and others could benefit
> from it. We could stir in good /dev/random output as additional entropy,
> but still be portable to systems that lack such devices.

If we assume that sshd is around all the time, there is no way for
local users to log in to other machines whilst disallowing ssh
logins to localhost. (A sort of runlevel-2 state.) If it's
considered that this is of minority interest, perhaps PRNG stuff
/should/ be compiled in.

Thanks,

Andrew Stribblehill
Systems Programmer, IT Service, University of Durham





More information about the openssh-unix-dev mailing list