heads-up: removal of ssh-rand-helper

Damien Miller djm at mindrot.org
Thu May 5 13:58:37 EST 2011


On Mon, 2 May 2011, Damien Miller wrote:

> OpenSSH Security Advisory: portable-keysign-rand-helper.adv
...
>         Future releases of portable OpenSSH will remove support for
>         ssh-rand-helper - in 2011, there is no excuse for not
>         providing a /dev/random-like interface as part of the OS.
>         Users stuck on one of these platforms may use PRNGd
>         (http://prngd.sf.net) to provide a host-wide random pool.

I have committed the diff to remove ssh-rand-helper from -current.
Systems that were using ssh-rand-helper should install PRNGd from
http://prngd.sf.net/ instead - it is less complex and a better
source of random numbers. How less complex?

> 22 files changed, 230 insertions(+), 1550 deletions(-)

Previously, portable OpenSSH's support for PRNGd depended on
ssh-rand-helper to make the connections. The removal diff moved this
support into libssh.a, so all programs that need random numbers will
now connect to PRNGd directly.

Support for this will be in tomorrow's snapshot, so if you use a
system without /dev/random or a similar source of random numbers in
OpenSSL then please test one.

-d
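
Added example, not part of the original message and not OpenSSH's own code: a C client for the EGD protocol that PRNGd speaks, showing what a direct connection of the kind described above involves and how to fail closed on a short reply. The function names and the socket path passed to `egd_connect` are assumptions of this example.

```c
/* Added illustration, not OpenSSH source; names and socket path are assumed. */
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Read or write exactly len bytes, retrying on EINTR and short I/O. */
static int io_full(int fd, unsigned char *p, size_t len, int do_write)
{
    while (len > 0) {
        ssize_t n = do_write ? write(fd, p, len) : read(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1;              /* error, or the daemon closed the socket */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* EGD command 0x02 (blocking read): send {0x02, count}, get count bytes back. */
int egd_read(int fd, unsigned char *buf, size_t len)
{
    unsigned char req[2] = { 0x02, (unsigned char)len };
    if (len == 0 || len > 255)
        return -1;                  /* the count travels in a single byte */
    if (io_full(fd, req, sizeof(req), 1) != 0)
        return -1;
    return io_full(fd, buf, len, 0); /* never accept a partial reply as a seed */
}

/* Connect to the daemon's Unix-domain socket; returns an fd or -1. */
int egd_connect(const char *path)
{
    struct sockaddr_un sa;
    int fd;
    if (strlen(path) >= sizeof(sa.sun_path))
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

A caller that gets -1 from either function should refuse to generate keys rather than fall back to a weaker seed.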

