Call for testing: OpenSSH-6.2

Kevin Brott kevin.brott at
Thu Mar 21 09:12:37 EST 2013

On Tue, Mar 19, 2013 at 4:25 PM, Darren Tucker <dtucker at> wrote:

> On Wed, Mar 20, 2013 at 7:46 AM, Kevin Brott <kevin.brott at>
> wrote:
> [....]
> > I seem to remember once upon a time - that while it was 'insecure' due to
> > the entropy being drek - that openssh would still pass make tests (with
> > warnings) if no decent RNG was installed.  Admittedly I haven't tested on
> > such a system in a very long time, but did I miss something in a release
> > note somewhere that says it's a required element now?
> Yep, in 5.9 ssh-random-helper was removed:
> " * This release removes support for ssh-rand-helper. OpenSSH now
>    obtains its random numbers directly from OpenSSL or from
>    a PRNGd/EGD instance specified at configure time.
> "

​I knew it might be something like that.

You must have some form of entropy available to openssl, though, or it
> would not build or run at all.

​DOH.  As I go grab a copy of prngd to test this out - I find that
​/var/run/egd-pool already exists, and is generated by
/opt/openssl/prngd/prngd - so there is a working RNG on the system - it
just wasn't the one I was expecting.

Now I'm back to square one- why is failing if it's not the
RNG. :/

# include <stddisclaimer.h>
/* Kevin  Brott <Kevin.Brott at> */

More information about the openssh-unix-dev mailing list