Make ssh-rand-helper fall back to commands when configured with prngd
Darren Tucker
dtucker at zip.com.au
Sun Dec 19 10:50:39 EST 2004
Hi.
I recently snookered myself: I build OpenSSH on an old box that didn't
have /dev/random, but happened to be running prngd at the time for other
reasons. Because I wanted to use commands, I configured
--with-rand-helper, however configure found the prngd socket and built
ssh-rand-helper to use it exclusively.
Next reboot: no prngd, no random seed, no sshd. Do not log in, do not
pass "Go", do not collect $200.
Can anyone see any reason why we shouldn't allow ssh-rand-helper to
fall back to commands if egd/prngd is not available? This is what
happens if both PRNGD_PORT and PRNGD_SOCKET are defined:
$ ./ssh-rand-helper -v
debug1: Seeded RNG with 1 bytes from system calls
debug1: trying egd/prngd port 3333
Couldn't connect to PRNGD port 3333: Connection refused
debug1: trying egd/prngd socket /var/run/egd-pool
Couldn't connect to PRNGD socket "/var/run/egd-pool": Connection refused
debug1: Loaded 52 entropy commands from /usr/local/etc/ssh_prng_cmds
debug1: Seeded RNG with 373 bytes from programs
629[...]b2
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-rand-helper.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041219/00227f78/attachment.ksh
More information about the openssh-unix-dev
mailing list