issue with EGD in openssh

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Wed Feb 14 20:33:13 EST 2001


On Tue, Feb 13, 2001 at 04:16:43PM -0700, Todd C. Miller wrote:
> Yes, I was surprised too.   I have not seen this happen on HP-UX either.
> However, this is still something openssh needs to deal with as it should
> be possible to restart the entropy daemon w/o having sshd die.

I agree. I had this problem quite some time ago with older versions of
OpenSSH which kept the connection to EGD open all the time and were not
prepared to deal with EGD-restarts.
...
20000626
...
 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
   based on patch from Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
 - (djm) Fix fixed EGD code.
...
Based on what you write here, more work must be done to make sure that
EGD failure must not lead to sshd failures.
EGD or PRNGD can be shut down and restarted in a not synchronized way at
any time, so that SSHD failure must be prevented.
(Investigation of possible PRNGD caused problems will continue independently.)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153





More information about the openssh-unix-dev mailing list