EGD requirement a show stopper for me

Andre Lucas andre.lucas at dial.pipex.com
Mon Jan 31 22:18:43 EST 2000


Andrew Stribblehill wrote:
8<
> If we assume that sshd is around all the time, there is no way for
> local users to login to other machines whilst disallowing ssh
> logins to localhost. (A sort of runlevel-2 state.) If it's
> considered that this is of minority interest, perhaps PRNG stuff
> /should/ be compiled in.
> 
Good point. The prng code would need to be linked into ssh as well as
sshd - as it is in ssh-1.2.27 - and the state would be picked up from a
file. The biggest problem I see with that would be that the ssh
executable would have to be setuid <whatever> to access the seed and key
files if there was no other program running to manage this.

IMHO the best way is indeed to have a standalone daemon. Reading output
from a pipe, it's as close to a portable random device as we're likely
to get. EGD is good, but because it's written in Perl it's slow and big.
With a C prng as a separate program it should be easier to maintain, and
it would be easier to protect the statefiles that Yarrow wants. I can't
think of a reason why it would have to run as root, either.

Ta,
-André