getting OpenSSH/OpenSSL to utilize /dev/random

Bob Smith b_smith44 at hotmail.com
Sat Apr 13 07:31:46 EST 2002


i have used the SUNWski, ANDIrand, and sun's new (solaris 8 patch 112438) 
PRNG. they all work just fine.

as i recall SUNWski, by default, only provides a /dev/random interface. you 
can modify the startup script to either provide /dev/urandom instead or 
provide both /dev/random and /dev/urandom, of course the catch here is that 
urandom is supposed to be non-blocking and the interface provided by SUNWski 
is blocking. i have seen connection startup hang when using the SUNWski 
package on "quiet" machines due to entropy pool depletion, but only when 
there are a fairly large number of session connections.

i've used ANDIrand on Solaris 2.6, 7 and 8 for the past two years with no 
problems. i have just finished converting my Solaris 8 systems to use sun's 
new PRNG as sun will support it and it is the package that will be shipped 
with Solaris 9 and on.

i build OpenSSL with this script:

env \
CC=cc \
CXX=CC \
CFLAGS="-fast -I/local/include" \
CPPFLAGS="-I/local/include" \
CXXFLAGS="-fast -I/local/include" \
LDFLAGS="-L/local/lib -R/local/lib" \
TMPDIR="/tmp" \
./Configure  \
        --prefix=/local \
        threads \
        shared \
        solaris-sparcv9-cc


if ( $? == 0 ) then
  gmake
endif


then build OpenSSH with this script:

env \
CC=cc \
CXX=CC \
CFLAGS="-fast -I/local/include" \
CPPFLAGS="-I/local/include" \
LDFLAGS="-L/local/lib -R/local/lib" \
TMPDIR="/tmp" \
./configure  \
        --prefix=/local \
        --sysconfdir=/etc/openssh \
        --localstatedir=/var \
        --with-tcp-wrappers \
        --with-pam \
        --with-ssl-dir=/local \
        --disable-suid-ssh \
        --with-pid-dir=/var/run


if ( $? == 0 ) then
  gmake
endif






More information about the openssh-unix-dev mailing list
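
The entropy-pool depletion described in the post above (connection startup hanging on a blocking /dev/random) can be checked for on a given host with a bounded read. This is an added example, not part of the original post or of OpenSSH/OpenSSL; the function names, the 64-byte request and the 2-second timeout are assumptions, and it assumes the device supports select().

```python
import os
import select
import time

def read_with_deadline(fd, nbytes, timeout):
    """Read up to nbytes from fd, giving up after timeout seconds."""
    deadline = time.monotonic() + timeout
    buf = b""
    while len(buf) < nbytes:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        # select() returns an empty list when the source has nothing to
        # give; a plain blocking read() would be hung at this point.
        ready, _, _ = select.select([fd], [], [], remaining)
        if not ready:
            break
        try:
            chunk = os.read(fd, nbytes - len(buf))
        except BlockingIOError:
            continue  # reported ready but drained meanwhile; retry
        if not chunk:
            break  # EOF (regular file or closed pipe)
        buf += chunk
    return buf

def probe(path, nbytes=64, timeout=2.0):
    """Open path non-blocking and report whether nbytes arrived in time."""
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        start = time.monotonic()
        got = read_with_deadline(fd, nbytes, timeout)
        return {"path": path, "wanted": nbytes, "got": len(got),
                "seconds": round(time.monotonic() - start, 3),
                "starved": len(got) < nbytes}
    finally:
        os.close(fd)

if __name__ == "__main__":
    # Device paths are the two named in the post; sizes are arbitrary.
    for dev in ("/dev/random", "/dev/urandom"):
        if os.path.exists(dev):
            print(probe(dev))
```

A result with "starved": True on the path the SSH build reads from means a blocking read there would have stalled for at least the timeout.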