ssh-rand-helper probs
Lacoss-Arnold, Jason
Jason.Lacoss-Arnold at AGEDWARDS.com
Thu Apr 25 21:53:47 EST 2002
It sounds to me like your problem is only occurring while performing ssh
functions under a /a mount (I'm assuming off of a cdrom or net boot,
possibly during jumpstart)?
If so, I suspect that portions of ssh are compiled to look for fully
qualified paths that would exist if they were under /a, but don't exist
directly under /.
The easiest solution may just be to install a runonce type script in
/etc/rc3.d that generates the keys (if not present) and then deletes itself.
Alternatively, you may try compiling it from scratch. I know that recent
versions have a pkgproto, although we roll our own, so I'm not sure how well
it handles the alternate mount point issue. It might also require some sort
of trickery with compile time flags to switch from fully qualified paths to
relative paths. As a last resort, you could come up with some link
trickery. For example, you could compile ssh to be installed in
/a/usr/local/openssh and then on your production server, create a /a link to
/
-----Original Message-----
From: Kim & Kyle Bedell [mailto:2beds at rogers.com]
Sent: Wednesday, April 24, 2002 11:11 PM
To: openssh-unix-dev at mindrot.org
Subject: ssh-rand-helper probs
Hi all
Am I doing this right? Is this the right list to post to? If not, a
quick lesson in etiquette for me would not hurt. As I am both just
starting to use newsgroups and SSH, I am not entirely familiar with the
processes. I have a question about ssh-rand-helper. First an outline: I
am currently using the SSH packages for Solaris 2.8 available at
sunfreeware.com. The environment is Solaris 8 (2.8) on sun4u platforms
(ultras). At work, I have constructed a boot and installation server, an
Ultra 450 that amongst other things, installs, configures SSH and
auto-generates SSH keys as part of the client build. No problems there, it
works quite nicely so that when the client finishes building, it can be
immediately deployed. At home however, I practice and experiment a lot. I
use an SS20 with 224MB of RAM as a boot server but I get a different set of
errors depending on what I do:
The first time I tried this type of installation of SSH at home however I
got an error that read:
"ld.so.1: /a/usr/local/bin/ssh-keygen: fatal: libz.so: open failed: No such
file or directory. Killed"
So........just feed it some env parameters ....like LD_LIBRARY_PATH...
right? nope
tried that and got this:
"(rand child) Couldn't exec '/usr/local/libexec/ssh-rannd-helper': No such
file or directory
ssh-rand-helper child produced insufficient data"
This sounds like: 1. It really can't find the specified path/filename but
then how did the second part occur, that being: "ssh-rand-helper child
produced insufficient data" It also sounds like prngd is not doing its job
but I have sat in on the build and watched it start up in a cmd tool window
while the client builds.
This only happens when I use a script (!) and again, it only happens here at
home on this sparc20. (Did I say that already?) :) After the client
finishes building, I can manually generate keys using the ssh-keygen
utility without incident.
The relevant excerpt from the customization script that I use is here:
-------------text snipped----------------
LD_LIBRARY_PATH=/a/usr/local/lib:/usr/local/lib:/usr/lib
export LD_LIBRARY_PATH
echo "##########################################"
echo "#                                        #"
echo "#       Installing and configuring       #"
echo "#      samba and SSH (Secure Shell)      #"
echo "#                                        #"
echo "##########################################"
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/vnc/vnc-3.3.3r2-sol8-sparc-local all
mkdir -p /a/usr/local/samba
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/samba/samba-2.2.2-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/zlib-1.1.4-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/perl-5.6.1-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/egd-0.8-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/prngd-0.9.23-sol8-sparc-local all
#pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/tcp_wrappers_7.6-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/openssl-0.9.6c-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/openssh-3.1p1-sol8-sparc-local all
sleep 3
cat /a/var/sadm/system/logs/sysidtool.log >/a/usr/local/etc/prngd-seed
echo "##########################################"
echo "#                                        #"
echo "#        (SSH) Creating seed file        #"
echo "#                                        #"
echo "##########################################"
sleep 2
cp ${SU_CONFIG_DIR}/packages/sshpkgs/prngd /a/etc/init.d/.
cp ${SU_CONFIG_DIR}/packages/sshpkgs/sshd /a/etc/init.d/.
chown root:sys /a/etc/init.d/prngd
chown root:sys /a/etc/init.d/sshd
chmod 544 /a/etc/init.d/prngd
chmod 544 /a/etc/init.d/sshd
ln -s /etc/init.d/sshd /a/etc/rc2.d/S98sshd
ln -s /etc/init.d/prngd /a/etc/rc2.d/S98prngd
cp ${SU_CONFIG_DIR}/packages/sshpkgs/hosts.allow /a/etc/.
cp ${SU_CONFIG_DIR}/packages/sshpkgs/hosts.deny /a/etc/.
cd /var
mkdir -p spool/prngd
/a/usr/local/bin/prngd /var/spool/prngd/pool
sleep 3
echo "###################################"
echo "Attempting to create socket: "pool""
echo "###################################"
sleep 3
/a/usr/local/bin/ssh-keygen -t rsa1 -f /a/usr/local/etc/ssh_host_key -N ""
/a/usr/local/bin/ssh-keygen -t dsa -f /a/usr/local/etc/ssh_host_dsa_key -N ""
/a/usr/local/bin/ssh-keygen -t rsa -f /a/usr/local/etc/ssh_host_rsa_key -N ""
echo "##########################################"
--------------text snipped---------------
Any ideas? All advice appreciated and I thank you in advance
Kyle
_______________________________________________
openssh-unix-dev at mindrot.org mailing list
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
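
The run-once approach suggested in the reply above (generate the host keys on first boot if they are not present, then delete the script), written out as an added example; it is not part of the original thread and not OpenSSH's own code. The script name `S99sshkeygen` and the `start` argument to `/etc/init.d/sshd` are assumptions; the key types and file names are the ones in the quoted customization script, without the `/a` prefix.

```shell
#!/bin/sh
# Added example. Install on the client as /etc/rc3.d/S99sshkeygen
# (hypothetical name). Key types and file names are those in the quoted
# customization script, without the /a prefix used during install.

# ensure_key KEYGEN TYPE FILE: create FILE only if it is not there yet.
ensure_key() {
    [ -s "$3" ] && return 0        # never replace an existing host key
    rm -f "$3" "$3.pub"            # clear a zero-length leftover
    "$1" -t "$2" -f "$3" -N "" >/dev/null || return 1
    [ -s "$3" ] && [ -s "$3.pub" ]
}

# gen_host_keys_once KEYGEN KEYDIR SELF
# Generates missing keys, then deletes SELF. On any failure SELF is kept
# so the next boot retries.
gen_host_keys_once() {
    [ -x "$1" ] || { echo "runonce: $1 not executable" >&2; return 1; }
    [ -d "$2" ] || { echo "runonce: $2 is not a directory" >&2; return 1; }
    old_umask=`umask`
    umask 077                      # private keys readable by root only
    rc=0
    ensure_key "$1" rsa1 "$2/ssh_host_key"     || rc=1
    ensure_key "$1" dsa  "$2/ssh_host_dsa_key" || rc=1
    ensure_key "$1" rsa  "$2/ssh_host_rsa_key" || rc=1
    umask "$old_umask"
    if [ "$rc" -ne 0 ]; then
        echo "runonce: key generation failed, will retry next boot" >&2
        return 1
    fi
    rm -f "$3"
}

# Run only when invoked by init under the rc name; rc3.d runs after the
# rc2.d/S98prngd link created in the quoted script, so prngd starts first.
case "$0" in
*/S99sshkeygen)
    # Assumption: the site's /etc/init.d/sshd accepts "start". It is needed
    # because rc2.d/S98sshd ran before any host key existed.
    gen_host_keys_once /usr/local/bin/ssh-keygen /usr/local/etc "$0" &&
        /etc/init.d/sshd start
    ;;
esac
```

Because the keys are created on the booted client, `ssh-keygen` resolves `libz.so` and `/usr/local/libexec` through the real root rather than `/a`, which is the path mismatch the reply suspects.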