Will OpenSSH fallback to internal PRNG?

Ben Lindstrom mouring at etoh.eviladmin.org
Sat Nov 9 02:12:14 EST 2002


./configure --with-rand-helper

will ensure the entropy code is always installed.  OpenSSH will check with
OpenSSL to see if it can seed itself.  If it cannot, it will then fall
back to its internal entropy code.

- Ben

On Fri, 8 Nov 2002, Eddy wrote:
> Greetings.
>
> I'm wondering if OpenSSH automatically falls back to the internal
> PRNG (such as used on Solaris) when it can't use a better alternative.
>
> The reason I ask is this: the machine I am compiling OpenSSH on has
> the /dev/random patch for Solaris 8. I'd like OpenSSH to use /dev/random
> whenever possible, if it exists. However, I'd prefer NOT to have to
> compile a separate version that doesn't use /dev/random for the Sol8
> boxes which do NOT have the /dev/random patch. If OpenSSH falls back
> to the internal PRNG, then great, problem solved! If not, how hard
> would it be to implement such a feature?
>
> I'm hoping OpenSSH automatically "falls back" to its internal PRNG
> if it can't use/find a "better" one that it was compiled with.
>
> (Similar thing would be when using something like 'prngd'; what happens
> if the daemon isn't running? Will OpenSSH fall back to internal PRNG,
> or are you SOL?)
>
> Thanks for any insight!
>
> Eddy



