[Bug 449] New: ssh_prng_cmds has malformed arp command

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Dec 1 04:35:57 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=449

           Summary: ssh_prng_cmds has malformed arp command
           Product: Portable OpenSSH
           Version: 3.4p1
          Platform: Sparc
        OS/Version: Solaris
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: keith at ajmani.org


The file "ssh_prng_cmds", used for entropy generation on systems like Solaris
that lack a decent /dev/random, contains an incorrect "arp" entry.

In particular, the command run is: 

"arp -a -n" /usr/sbin/arp 0.02

Unfortunately, in Solaris 8, the "-n" command (no host lookups) is not supported.
As a result, when this command is run on a Solaris box that has arp entries in
its cache that it cannot resolve -- either via a local nameserver or a remote
one -- then this command hangs, for a very, very long time.

Some results of this hang are:
- sshd will take 10+ minutes to start on boot
- ssh-keygen commands progress very, very slowly

This situation arose when I had a Solaris box installed in a private 10.x
network, running named locally with itself as the only DNS server in
/etc/resolv.conf.  However, the box was sitting on a LAN with other boxes in a
subnet outside of the range that the Solaris box was authoritative for, and so
its arp cache had entries that it could not resolve locally.

My suggested fix to this bug is to remove the "arp" command from ssh_prng_cmds
on Solaris.
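
The following Python script is an added example, not part of the original report or of OpenSSH. It parses entries in the '"command args" path rate' layout quoted above, runs each one under a timeout, and reports which entries would stall entropy collection; the sample entries, function names and the 2-second timeout are assumptions.

```python
import os
import shlex
import subprocess
import time

# Constructed sample in the '"command args" path rate' layout of the entry
# quoted in the report; the sleep line stands in for a lookup that hangs.
SAMPLE = '''
# comment lines and blank lines are skipped
"arp -a -n" /usr/sbin/arp 0.02
"sleep 30" /bin/sleep 0.02
"nosuch -x" /nonexistent/nosuch 0.02
'''

def parse_prng_cmds(text):
    """Return [(argv, path, rate)] for each well-formed entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        if len(fields) != 3:
            continue  # not a '"cmd" path rate' entry
        cmdline, path, rate = fields
        entries.append((cmdline.split(), path, float(rate)))
    return entries

def audit(text, timeout=2.0):
    """Run every entry once; return [(command, status, seconds)]."""
    results = []
    for argv, path, _rate in parse_prng_cmds(text):
        status, start = "missing", time.monotonic()
        if os.path.isfile(path) and os.access(path, os.X_OK):
            try:
                # argv[0] is the quoted name; the binary run is `path`.
                proc = subprocess.run(argv, executable=path, timeout=timeout,
                                      stdin=subprocess.DEVNULL,
                                      stdout=subprocess.DEVNULL,
                                      stderr=subprocess.DEVNULL)
                status = "ok" if proc.returncode == 0 else "failed"
            except subprocess.TimeoutExpired:
                status = "timeout"  # candidate for removal from the file
        results.append((" ".join(argv), status, time.monotonic() - start))
    return results

if __name__ == "__main__":
    for cmd, status, secs in audit(SAMPLE):
        print(f"{status:8} {secs:6.2f}s  {cmd}")
```

Entries reported as "timeout" or "failed" are the ones to review before sshd or ssh-keygen depends on the file.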


