entropy problems IRIX

Ben Lindstrom mouring at etoh.eviladmin.org
Tue Apr 2 03:47:15 EST 2002


in the ${PREFIX}/etc/ssh_prng_cmds lists all commands that are used
for gathering entropy.  If you run a ssh -v -v -v (or sshd -d -d -d
respectively) you will see what commands are failing and succeeding and
that may help you to tweak it.

However remember anything below 3.1 has a security adv out on it.  Which
basicly sums up being a post-authentication root hole.  You really should
upgrade to 3.1.

- Ben

On Mon, 1 Apr 2002, Richard Bonomo wrote:

>
> Hello!
>
> I am running openSSH 2.9x on an IRIX 6.5.x platform.
> This was recently installed using SGI-supplied
> "freeware" binaries.
>
> I find that as time goes on, it takes more attempts
> to establish an ssh connection from the IRIX platform
> to another machine, as it fails with "not enough entropy
> in PRNG."  I posted a note asking for assistance, and
> received a reply suggesting I install PRNGd, which
> I did.  Unfortunately, I looks like the binaries
> were not compiled with PRNGd support.
>
> Before I attempt to download and compile a fresh
> version of this utility (which tends to be
> problematic with our installations), I would
> like to know if there is some way of tweaking
> openssh's internal "entropy generator" to fix
> this problem.  Does anyone know?
>
> Thank you.
>
> Richard B.
>
> --
> ************************************************
> Richard Bonomo
> UW Space Astronomy Laboratory
> ph: (608) 263-4683 telefacsimile: (608) 263-0361
> SAL-related email: bonomo at sal.wisc.edu
> all other email: bonomo at ece.wisc.edu
> web page URL: http://www.cae.wisc.edu/~bonomo
> ************************************************
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>




More information about the openssh-unix-dev mailing list