path to find ssh-rand-helper

J.S.Peatfield at damtp.cam.ac.uk J.S.Peatfield at damtp.cam.ac.uk
Tue Apr 2 17:37:15 EST 2002


> ssh-rand-helper should be viewed as your last line of defence on a
> box that lacks kernel entropy devices (read: No root access user
> installing the ssh client).

Exactly.  I wish to continue to be able to provide downloads of
binaries for use by our users if they visit a random site which
doesn't (yet) provide ssh.  They won't have root access and will
almost certainly be running on machines with no kernel entropy source
(well the ones with a local entropy source will be ok anyway).

Since we no longer allow any other form of remote access it is now
more important that we continue to be able to offer such binaries (we
had to suffer several sets of _important_people_ complaining when we
blocked telnet access, and the availability of downloadable binaries
was about the only thing which calmed them down (though they had to
have a new procedure explained to them)).

Of course most sites do now supply ssh clients but we can't rely on it
when people are at random conferences...

 -- Jon




More information about the openssh-unix-dev mailing list