Regarding the optional OpenSSL integration for the portable version

Ángel González keisial at
Mon May 5 06:56:03 EST 2014

On 02/05/14 21:40, William Ahern wrote:
> Linux
> also has an obscure sysctl which pulls directly from the internal CSPRNG. So
> all of these will work in a jail without /dev or /proc.

That's cool, but as stated on Linux sysctl(2):
>        Glibc does not provide a wrapper for this system call; call it 
> using syscall(2).  Or rather...  don't call it: use of
>        this system call has long been discouraged, and it is so 
> unloved that it is likely to disappear in  a  future  kernel
>        version.   Since  Linux  2.6.24,  uses of this system call 
> result in warnings in the kernel log.  Remove it from your
>        programs now; use the /proc/sys interface instead.
>        This system call is available only if the kernel was configured 
> with the CONFIG_SYSCTL_SYSCALL option.

And indeed, trying a test program calling CTL_KERN, KERN_RANDOM, 
RANDOM_UUID (from your code) prints
> warning: process `sysctl-rand' used the deprecated sysctl system call 
> with 1.40.6.

and returned with ENOSYS (the kernel was compiled without 

So I don't think it's a suitable primary mean to gather random data 
under Linux. :-(

I encourage you to raise at lkml the need to have a dev-less random data 
source, though.

More information about the openssh-unix-dev mailing list