getting OpenSSH/OpenSSL to utilize /dev/random
Bob Smith
b_smith44 at hotmail.com
Sat Apr 13 07:31:46 EST 2002

I have used the SUNWski, ANDIrand, and Sun's new (Solaris 8 patch 112438)
PRNG. They all work just fine.

As I recall, SUNWski, by default, only provides a /dev/random interface. You
can modify the startup script to either provide /dev/urandom instead or
provide both /dev/random and /dev/urandom. Of course, the catch here is that
urandom is supposed to be non-blocking and the interface provided by SUNWski
is blocking. I have seen connection startup hang when using the SUNWski
package on "quiet" machines due to entropy pool depletion, but only when
there are a fairly large number of session connections.

I've used ANDIrand on Solaris 2.6, 7 and 8 for the past two years with no
problems. I have just finished converting my Solaris 8 systems to use Sun's
new PRNG, as Sun will support it and it is the package that will be shipped
with Solaris 9 and on.

I build OpenSSL with this script:

    env \
        CC=cc \
        CXX=CC \
        CFLAGS="-fast -I/local/include" \
        CPPFLAGS="-I/local/include" \
        CXXFLAGS="-fast -I/local/include" \
        LDFLAGS="-L/local/lib -R/local/lib" \
        TMPDIR="/tmp" \
        ./Configure \
            --prefix=/local \
            threads \
            shared \
            solaris-sparcv9-cc
    if ( $? == 0 ) then
        gmake
    endif

Then build OpenSSH with this script:

    env \
        CC=cc \
        CXX=CC \
        CFLAGS="-fast -I/local/include" \
        CPPFLAGS="-I/local/include" \
        LDFLAGS="-L/local/lib -R/local/lib" \
        TMPDIR="/tmp" \
        ./configure \
            --prefix=/local \
            --sysconfdir=/etc/openssh \
            --localstatedir=/var \
            --with-tcp-wrappers \
            --with-pam \
            --with-ssl-dir=/local \
            --disable-suid-ssh \
            --with-pid-dir=/var/run
    if ( $? == 0 ) then
        gmake
    endif
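
The message above notes that /dev/urandom is supposed to be non-blocking while the SUNWski interface blocks, which can hang connection startup on quiet machines. The following is an added example, not part of the original post or of any package it names: a POSIX sh check that reads a few bytes from a random device under a timeout and reports whether the read blocked. The function name `probe_random_dev`, the byte count and the timeout are assumptions, as is the availability of mktemp(1).

```shell
#!/bin/sh
# Added example: probe_random_dev is a hypothetical helper, not part of
# OpenSSH, OpenSSL or any of the PRNG packages named in the post.
# Usage: probe_random_dev PATH [NBYTES] [TIMEOUT_SECS]
# Prints: missing | not-chardev | ok | short-read | blocked
probe_random_dev() {
    dev=$1; nbytes=${2:-64}; secs=${3:-5}
    [ -e "$dev" ] || { echo missing; return 1; }
    [ -c "$dev" ] || { echo not-chardev; return 1; }
    # Assumes mktemp(1) is available; avoids a predictable name in /tmp.
    tmp=$(mktemp) || return 1
    # Read in the background so a blocking device cannot hang the caller.
    # bs=1 makes dd keep reading until it has exactly $nbytes bytes or EOF.
    dd if="$dev" of="$tmp" bs=1 count="$nbytes" 2>/dev/null &
    reader=$!
    waited=0
    while kill -0 "$reader" 2>/dev/null; do
        if [ "$waited" -ge "$secs" ]; then
            # Still reading after the timeout: treat the device as blocked.
            kill "$reader" 2>/dev/null || true
            wait "$reader" 2>/dev/null || true
            rm -f "$tmp"
            echo blocked; return 2
        fi
        sleep 1
        waited=$((waited + 1))
    done
    wait "$reader" 2>/dev/null || true
    got=$(wc -c < "$tmp" | tr -d ' ')
    rm -f "$tmp"
    if [ "$got" -eq "$nbytes" ]; then
        echo ok; return 0
    fi
    echo short-read; return 1
}

# Probe every device path given on the command line (none: do nothing).
for d in "$@"; do
    printf '%s: %s\n' "$d" "$(probe_random_dev "$d" || true)"
done
```

Passing device paths as arguments prints one result per device; `blocked` means the read did not complete within the timeout.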

More information about the openssh-unix-dev mailing list