Fwd: OpenSSH on Ultrix?

Steve VanDevender stevev at darkwing.uoregon.edu
Wed Feb 28 05:10:43 EST 2001


Robbie Stone writes:
 > Markus Friedl wrote:
 > > 
 > > On Sun, Feb 25, 2001 at 11:43:04AM -0800, Robbie Stone wrote:
 > > >       Insufficient entropy errors occur under Ultrix because of no
 > > > /dev/random. OpenSSH takes care of this by complaining and failing to
 > > > connect. The commercial SSH stuff uses system commands to make up for
 > > > the lack of /dev/random, so it runs ps, netstat, vmstat, etc. I haven't
 > > > found support for this in OpenSSH yet but it is terribly necessary for
 > > 
 > > openssh does this, too.
 > 
 > If OpenSSH does this then how does it determine which commands are
 > appropriate? The *other* SSH that I installed had arguments that it was
 > passing to netstat that didn't come until 4-5 years later ;-)

In OpenSSH the commands used for entropy gathering are configurable in
the ssh_prng_cmds file.  It's completely customizable.

While my original installation of OpenSSH used the built-in entropy
gathering via ssh_prng_cmds, I updated OpenSSH (and other cryptographic
applications like gpg and stunnel) to use EGD, and later Lutz Jaenicke's
PRNGD because EGD just can't cope with high-volume use.  Some of our
system scripts and EGD itself were failing when they drained all the
entropy out of EGD and users were complaining about being unable to make
ssh connections.  PRNGD also uses something like 1/100 of the CPU time
as EGD on my systems.
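
Added example, not part of the original message and not OpenSSH code: a Python check that lists which entries in an ssh_prng_cmds file point at binaries that actually exist on the host, which is the question raised in the quoted text. It assumes each non-comment line has the form "command args" /path/to/binary rate; the sample contents, function names and the is_executable hook are constructed for illustration.

```python
import os
import re

# Assumed line format (not shown on this page): "command args" /path/to/binary rate
LINE_RE = re.compile(r'^"([^"]+)"\s+(\S+)\s+([0-9]*\.?[0-9]+)\s*$')

# Constructed sample contents, not taken from a real host.
SAMPLE = '''\
# entropy gathering commands (constructed sample)
"ls -alni /var/log"   /bin/ls            0.02
"netstat -an"         /usr/ucb/netstat   0.02
"vmstat"              vmstat             0.01
ps laxww /bin/ps 0.03
'''

def parse_prng_cmds(text):
    """Return (entries, errors); entries are (lineno, cmdline, path, rate)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no command
        m = LINE_RE.match(line)
        if not m:
            errors.append((lineno, "unparseable line"))
            continue
        entries.append((lineno, m.group(1), m.group(2), float(m.group(3))))
    return entries, errors

def default_is_executable(path):
    return os.path.isfile(path) and os.access(path, os.X_OK)

def audit(text, is_executable=default_is_executable):
    """Split entries into usable ones and rejected ones with a reason each."""
    entries, rejected = parse_prng_cmds(text)
    usable = []
    for lineno, cmdline, path, rate in entries:
        if not os.path.isabs(path):
            rejected.append((lineno, "path is not absolute"))
        elif not is_executable(path):
            rejected.append((lineno, "binary missing or not executable"))
        elif rate <= 0:
            rejected.append((lineno, "rate must be positive"))
        else:
            usable.append((cmdline, path, rate))
    return usable, sorted(rejected)

if __name__ == "__main__":
    ok, bad = audit(SAMPLE)
    print("usable:", ok)
    print("rejected:", bad)
```

This checks paths and syntax only; whether the local ps, netstat or vmstat accepts the listed arguments still has to be confirmed by running each command on the host.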






More information about the openssh-unix-dev mailing list