Fwd: OpenSSH on Ultrix?
Damien Miller
djm at mindrot.org
Wed Feb 28 08:27:08 EST 2001
On Tue, 27 Feb 2001, Steve VanDevender wrote:
> While my original installation of OpenSSH used the built-in entropy
> gathering via ssh_prng_cmds, I updated OpenSSH (and other cryptographic
> applications like gpg and stunnel) to use EGD, and later Lutz Jaenicke's
> PRNGD because EGD just can't cope with high-volume use. Some of our
> system scripts and EGD itself were failing when they drained all the
> entropy out of EGD and users were complaining about being unable to make
> ssh connections. PRNGD also uses something like 1/100 of the CPU time
> as EGD on my systems.

Yes - PRNGd is very nice and is superior to portable OpenSSH's own
random number collection. The fact that it is a long-lived, system-wide
pool makes it more secure and less resource intensive than OpenSSH's
collection routines (which need to run at least once per program
invocation).

I strongly recommend it to everyone without a /dev/random.

-d

--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer