Call for testing: OpenSSH-6.2
Kevin Brott
kevin.brott at gmail.com
Thu Mar 21 09:12:37 EST 2013
On Tue, Mar 19, 2013 at 4:25 PM, Darren Tucker <dtucker at zip.com.au> wrote:
> On Wed, Mar 20, 2013 at 7:46 AM, Kevin Brott <kevin.brott at gmail.com>
> wrote:
> [....]
> > I seem to remember once upon a time - that while it was 'insecure' due to
> > the entropy being drek - that openssh would still pass make tests (with
> > warnings) if no decent RNG was installed. Admittedly I haven't tested on
> > such a system in a very long time, but did I miss something in a release
> > note somewhere that says it's a required element now?
>
> Yep, in 5.9 ssh-random-helper was removed:
> http://openssh.com/txt/release-5.9
>
> " * This release removes support for ssh-rand-helper. OpenSSH now
> obtains its random numbers directly from OpenSSL or from
> a PRNGd/EGD instance specified at configure time.
> "
>
I knew it might be something like that.
You must have some form of entropy available to openssl, though, or it
> would not build or run at all.
>
DOH. As I go grab a copy of prngd to test this out - I find that
/var/run/egd-pool already exists, and is generated by
/opt/openssl/prngd/prngd - so there is a working RNG on the system - it
just wasn't the one I was expecting.
Now I'm back to square one- why is multiplexer.sh failing if it's not the
RNG. :/
--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin.Brott at gmail.com> */
More information about the openssh-unix-dev
mailing list