path to find ssh-rand-helper
Ben Lindstrom
mouring at etoh.eviladmin.org
Wed Apr 3 00:28:33 EST 2002
Maybe (I'm half-awake so I'm not considering all the issues) one should
allow OpenSSH to look for ssh-rand-helper in the user's path. (Default to
fixed location, but a configure option). That will solve the problem in
the generic form, but I'm worried about it selecting a wrong
ssh-rand-helper.
- Ben
On Tue, 2 Apr 2002 J.S.Peatfield at damtp.cam.ac.uk wrote:
> > ssh-rand-helper should be viewed as your last line of defence on a
> > box that lacks kernel entropy devices (read: No root access user
> > installing the ssh client).
>
> Exactly. I wish to continue to be able to provide downloads of
> binaries for use by our users if they visit a random site which
> doesn't (yet) provide ssh. They won't have root access and will
> almost certainly be running on machines with no kernel entropy source
> (well the ones with a local entropy source will be ok anyway).
>
> Since we no longer allow any other form of remote access it is now
> more important that we continue to be able to offer such binaries (we
> had to suffer several sets of _important_people_ complaining when we
> blocked telnet access, and the availability of downloadable binaries
> was about the only thing which calmed them down (though they had to
> have a new procedure explained to them)).
>
> Of course most sites do now supply ssh clients but we can't rely on it
> when people are at random conferences...
>
> -- Jon
>
>
More information about the openssh-unix-dev
mailing list