ssh-rand-helper probs

Liston Bias bias at pobox.com
Mon Apr 29 13:11:55 EST 2002


It appears you are doing this through jumpstart as indicated in initial
reply.  The rc script is an easy option.  Another option would be to
create a symlink from your boot image install directory to the /a
directory.

For example, we store our openssh-related files in /usr/local/openssh.
Therefore, we can do a symlink from

   'JUMPBASE'/Solaris_8/Tools/Boot/usr/local/openssh to

   ../../a/usr/local/openssh

When ssh-keygen looks for ssh_rand_helper in /usr/local/openssh/libexec
during jump install, it finds it.

Regards,
Liston

--------

It sounds to me like your problem is only occurring while performing ssh
functions under a /a mount (I'm assuming off of a cdrom or net boot,
possibly during jumpstart)?

If so, I suspect that portions of ssh are compiled to look for fully
qualified paths that would exist if they were under /a, but don't exist
directory under /

The easiest solution may just be to install a runonce type script in
/etc/rc3.d that generates the keys (if not present) and then deletes
itself.

Alternatively, you may try compiling it from scratch.  I know that recent
versions have a pkgproto, although we roll our own, so I'm not sure how
well it handles the alternate mount point issue.  It might also require
some sort of trickery with compile time flags to switch from fully
qualified paths to relative paths.  As a last resort, you could come up
with some link trickery.  For example, you could compile ssh to be
installed in /a/usr/local/openssh and then on your production server,
create a /a link to /

-----Original Message-----
From: Kim & Kyle Bedell [mailto:2beds at rogers.com]
Sent: Wednesday, April 24, 2002 11:11 PM
To: openssh-unix-dev at mindrot.org
Subject: ssh-rand-helper probs


Hi all

    Am I doing this right? Is this the right list to post to? If not, a
quick lesson in etiquette for me would not hurt.  As I am both just
starting to use newsgroups and SSH, I am not entirely familiar with the
processes.  I have a question about ssh-rand-helper.  First an outline:
I am currently using the SSH packages for Solaris 2.8 available at
sunfreeware.com.  The environment is Solaris 8 (2.8) on sun4u platforms
(ultras).  At work, I have constructed a boot and installation server, an
Ultra 450 that amongst other things, installs, configures SSH and
auto-generates SSH keys as part of the client build.  No problems there,
it works quite nicely so that when the client finishes building, it can be
immediately deployed.  At home however, I practice and experiment a lot.  I
use an SS20 with 224MB of RAM as a boot server but I get a different set
of errors depending on what I do:

The first time I tried this type of installation of SSH at home however I
got an error that read:

 "ld.so.1: /a/usr/local/bin/ssh-keygen: fatal: libz.so: open failed: No such file or directory.  Killed"

So........just feed it some env parameters ....like LD_LIBRARY_PATH...
right?    nope

tried that and got this:

"(rand child) Couldn't exec '/usr/local/libexec/ssh-rannd-helper':  No such file or directory
ssh-rand-helper child produced insufficient data"

This sounds like:  1.  It really can't find the specified path/filename but
then how did the second part occur, that being:  "ssh-rand-helper child
produced insufficient data"  It also sounds like prngd is not doing its
job but I have sat in on the build and watched it start up in a cmd tool
window while the client builds.
This only happens when I use a script (!) and again, it only happens here
at home on this sparc20.  (Did I say that already?)   :) After the client
finishes building,  I can manually generate keys using the ssh-keygen
utility without incident.

The relevant excerpt from the customization script that I use is here:
-------------text snipped----------------
LD_LIBRARY_PATH=/a/usr/local/lib:/usr/local/lib:/usr/lib
export LD_LIBRARY_PATH
echo "##########################################"
echo "#                                        #"
echo "#       Installing and configuring       #"
echo "#      samba and SSH (Secure Shell)                           #"
echo "#                                        #"
echo "##########################################"
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/vnc/vnc-3.3.3r2-sol8-sparc-local all
mkdir -p /a/usr/local/samba
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/samba/samba-2.2.2-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/zlib-1.1.4-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/perl-5.6.1-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/egd-0.8-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/prngd-0.9.23-sol8-sparc-local all
#pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/tcp_wrappers_7.6-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/openssl-0.9.6c-sol8-sparc-local all
pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/openssh-3.1p1-sol8-sparc-local all
sleep 3
cat /a/var/sadm/system/logs/sysidtool.log >/a/usr/local/etc/prngd-seed
echo "##########################################"
echo "#                                        #"
echo "#       (SSH) Creating seed file         #"
echo "#                                        #"
echo "##########################################"
sleep 2
cp ${SU_CONFIG_DIR}/packages/sshpkgs/prngd /a/etc/init.d/.
cp ${SU_CONFIG_DIR}/packages/sshpkgs/sshd /a/etc/init.d/.
chown root:sys /a/etc/init.d/prngd
chown root:sys /a/etc/init.d/sshd
chmod 544 /a/etc/init.d/prngd
chmod 544 /a/etc/init.d/sshd
ln -s /etc/init.d/sshd /a/etc/rc2.d/S98sshd
ln -s /etc/init.d/prngd /a/etc/rc2.d/S98prngd
cp ${SU_CONFIG_DIR}/packages/sshpkgs/hosts.allow /a/etc/.
cp ${SU_CONFIG_DIR}/packages/sshpkgs/hosts.deny /a/etc/.
cd /var
mkdir -p spool/prngd
/a/usr/local/bin/prngd /var/spool/prngd/pool
sleep 3
echo "###################################"
echo "Attempting to create socket: "pool""
echo "###################################"
sleep 3
/a/usr/local/bin/ssh-keygen -t rsa1 -f /a/usr/local/etc/ssh_host_key -N ""
/a/usr/local/bin/ssh-keygen -t dsa -f /a/usr/local/etc/ssh_host_dsa_key -N ""
/a/usr/local/bin/ssh-keygen -t rsa -f /a/usr/local/etc/ssh_host_rsa_key -N ""
echo "##########################################"
--------------text snipped---------------


Any ideas?  All advice appreciated and I thank you in advance

Kyle

_______________________________________________
openssh-unix-dev at mindrot.org mailing list
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
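
The run-once rc script suggested in the reply above, written out as an added example (not code from the thread or from OpenSSH). It assumes installation as /etc/rc3.d/S99sshkeygen (a hypothetical name) by the finish script; KEYDIR, KEYGEN and HELPER are illustrative variables whose defaults follow the paths quoted in the post.

```shell
#!/bin/sh
# Added example: generate SSH host keys on first boot, from the real root,
# so the helper path compiled into ssh-keygen resolves (it does not under /a).
# Key types and file names are the ones used in the post's finish script.

KEYDIR=${KEYDIR:-/usr/local/etc}
KEYGEN=${KEYGEN:-/usr/local/bin/ssh-keygen}
HELPER=${HELPER:-/usr/local/libexec/ssh-rand-helper}   # assumed default

# Generate one host key unless a non-empty key file is already present.
gen_key() {   # $1 = key type, $2 = private key file
    [ -s "$2" ] && return 0
    rm -f "$2" "$2.pub"                  # clear a truncated leftover
    "$KEYGEN" -t "$1" -f "$2" -N "" || return 1
    [ -s "$2" ] || return 1
    chmod 600 "$2" && chmod 644 "$2.pub"
}

# Generate every missing key; the subshell keeps umask and rc local.
gen_host_keys() (
    # Fail early if the entropy helper is absent: no keys without entropy.
    [ -x "$HELPER" ] || { echo "missing $HELPER" >&2; exit 1; }
    umask 077
    rc=0
    gen_key rsa1 "$KEYDIR/ssh_host_key"     || rc=1
    gen_key dsa  "$KEYDIR/ssh_host_dsa_key" || rc=1
    gen_key rsa  "$KEYDIR/ssh_host_rsa_key" || rc=1
    exit $rc
)

# Delete the script only after success, so a failed boot retries next time.
run_once() {  # $1 = path of this script
    gen_host_keys && rm -f "$1"
}

# Act only when invoked as an rc script with "start".
case "${1:-}" in
start) run_once "$0" ;;
esac
```

Existing key files are never overwritten, so re-running the script on a host that already has keys leaves its identity unchanged.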

