<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2652.35">
<TITLE>RE: ssh-rand-helper probs</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>It sounds to me like your problem is only occurring while performing ssh functions under a /a mount (I'm assuming off of a cdrom or net boot, possibly during jumpstart)?</FONT></P>
<P><FONT SIZE=2>If so, I suspect that portions of ssh are compiled to look for fully qualified paths that would exist if they were under /a, but don't exist directly under /.</FONT></P>
<P><FONT SIZE=2>The easiest solution may just be to install a runonce type script in /etc/rc3.d that generates the keys (if not present) and then deletes itself.</FONT></P>
<P><FONT SIZE=2>Alternatively, you may try compiling it from scratch. I know that recent versions have a pkgproto, although we roll our own, so I'm not sure how well it handles the alternate mount point issue. It might also require some sort of trickery with compile time flags to switch from fully qualified paths to relative paths. As a last resort, you could come up with some link trickery. For example, you could compile ssh to be installed in /a/usr/local/openssh and then on your production server, create a /a link to /</FONT></P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Kim & Kyle Bedell [<A HREF="mailto:2beds@rogers.com">mailto:2beds@rogers.com</A>]</FONT>
<BR><FONT SIZE=2>Sent: Wednesday, April 24, 2002 11:11 PM</FONT>
<BR><FONT SIZE=2>To: openssh-unix-dev@mindrot.org</FONT>
<BR><FONT SIZE=2>Subject: ssh-rand-helper probs</FONT>
</P>
<BR>
<P><FONT SIZE=2>Hi all</FONT>
</P>
<P><FONT SIZE=2> Am I doing this right? Is this the right list to post to? If not, a</FONT>
<BR><FONT SIZE=2>quick lesson in etiquette for me would not hurt. As I am both just</FONT>
<BR><FONT SIZE=2>starting to use newsgroups and SSH, I am not entirely familiar with the</FONT>
<BR><FONT SIZE=2>processes. I have a question about ssh-rand-helper. First an outline: I</FONT>
<BR><FONT SIZE=2>am currently using the SSH packages for Solaris 2.8 available at</FONT>
<BR><FONT SIZE=2>sunfreeware.com. The environment is Solaris 8 (2.8) on sun4u platforms</FONT>
<BR><FONT SIZE=2>(ultras). At work, I have constructed a boot and installation server, an</FONT>
<BR><FONT SIZE=2>Ultra 450 that amongst other things, installs, configures SSH and</FONT>
<BR><FONT SIZE=2>auto-generates SSH keys as part of the client build. No problems there, it</FONT>
<BR><FONT SIZE=2>works quite nicely so that when the client finishes building, it can be</FONT>
<BR><FONT SIZE=2>immediately deployed. At home however, I practice and experiment a lot. I</FONT>
<BR><FONT SIZE=2>use an SS20 with 224MB of RAM as a boot server but I get a different set of</FONT>
<BR><FONT SIZE=2>errors depending on what I do:</FONT>
</P>
<P><FONT SIZE=2>The first time I tried this type of installation of SSH at home however I</FONT>
<BR><FONT SIZE=2>got an error that read:</FONT>
</P>
<P><FONT SIZE=2> "ld.so.1: /a/usr/local/bin/ssh-keygen: fatal: libz.so: open failed: No such</FONT>
<BR><FONT SIZE=2>file or directory. Killed"</FONT>
</P>
<P><FONT SIZE=2>So........just feed it some env parameters ....like LD_LIBRARY_PATH...</FONT>
<BR><FONT SIZE=2>right? nope</FONT>
</P>
<P><FONT SIZE=2>tried that and got this:</FONT>
</P>
<P><FONT SIZE=2>"(rand child) Couldn't exec '/usr/local/libexec/ssh-rannd-helper': No such</FONT>
<BR><FONT SIZE=2>file or directory</FONT>
<BR><FONT SIZE=2>ssh-rand-helper child produced insufficient data"</FONT>
</P>
<P><FONT SIZE=2>This sounds like: 1. It really can't find the specified path/filename but</FONT>
<BR><FONT SIZE=2>then how did the second part occur, that being: "ssh-rand-helper child</FONT>
<BR><FONT SIZE=2>produced insufficient data" It also sounds like prngd is not doing its job</FONT>
<BR><FONT SIZE=2>but I have sat in on the build and watched it start up in a cmd tool window</FONT>
<BR><FONT SIZE=2>while the client builds.</FONT>
<BR><FONT SIZE=2>This only happens when I use a script (!) and again, it only happens here at</FONT>
<BR><FONT SIZE=2>home on this sparc20. (Did I say that already?) :) After the client</FONT>
<BR><FONT SIZE=2>finishes building, I can manually generate keys using the ssh-keygen</FONT>
<BR><FONT SIZE=2>utility without incident.</FONT>
</P>
<P><FONT SIZE=2>The relevant excerpt from the customization script that I use is here:</FONT>
<BR><FONT SIZE=2>-------------text snipped----------------</FONT>
<BR><FONT SIZE=2>LD_LIBRARY_PATH=/a/usr/local/lib:/usr/local/lib:/usr/lib</FONT>
<BR><FONT SIZE=2>export LD_LIBRARY_PATH</FONT>
<BR><FONT SIZE=2>echo "##########################################"</FONT>
<BR><FONT SIZE=2>echo "#                                        #"</FONT>
<BR><FONT SIZE=2>echo "#       Installing and configuring       #"</FONT>
<BR><FONT SIZE=2>echo "#      samba and SSH (Secure Shell)      #"</FONT>
<BR><FONT SIZE=2>echo "#                                        #"</FONT>
<BR><FONT SIZE=2>echo "##########################################"</FONT>
<BR><FONT SIZE=2>pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/vnc/vnc-3.3.3r2-sol8-sparc-local all</FONT>
<BR><FONT SIZE=2>mkdir -p /a/usr/local/samba</FONT>
<BR><FONT SIZE=2>pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/samba/samba-2.2.2-sol8-sparc-local all</FONT>
<BR><FONT SIZE=2>pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/zlib-1.1.4-sol8-sparc-local all</FONT>
<BR><FONT SIZE=2>pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/perl-5.6.1-sol8-sparc-local all</FONT>
<BR><FONT SIZE=2>pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/egd-0.8-sol8-sparc-local all</FONT>
<BR><FONT SIZE=2>pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/prngd-0.9.23-sol8-sparc-local all</FONT>
<BR><FONT SIZE=2>#pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/tcp_wrappers_7.6-sol8-sparc-local all</FONT>
<BR><FONT SIZE=2>pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/openssl-0.9.6c-sol8-sparc-local all</FONT>
<BR><FONT SIZE=2>pkgadd -R /a -a ${ADMIN_FILE} -d ${SU_CONFIG_DIR}/packages/sshpkgs/openssh-3.1p1-sol8-sparc-local all</FONT>
<BR><FONT SIZE=2>sleep 3</FONT>
<BR><FONT SIZE=2>cat /a/var/sadm/system/logs/sysidtool.log >/a/usr/local/etc/prngd-seed</FONT>
<BR><FONT SIZE=2>echo "##########################################"</FONT>
<BR><FONT SIZE=2>echo "#                                        #"</FONT>
<BR><FONT SIZE=2>echo "#        (SSH) Creating seed file        #"</FONT>
<BR><FONT SIZE=2>echo "#                                        #"</FONT>
<BR><FONT SIZE=2>echo "##########################################"</FONT>
<BR><FONT SIZE=2>sleep 2</FONT>
<BR><FONT SIZE=2>cp ${SU_CONFIG_DIR}/packages/sshpkgs/prngd /a/etc/init.d/.</FONT>
<BR><FONT SIZE=2>cp ${SU_CONFIG_DIR}/packages/sshpkgs/sshd /a/etc/init.d/.</FONT>
<BR><FONT SIZE=2>chown root:sys /a/etc/init.d/prngd</FONT>
<BR><FONT SIZE=2>chown root:sys /a/etc/init.d/sshd</FONT>
<BR><FONT SIZE=2>chmod 544 /a/etc/init.d/prngd</FONT>
<BR><FONT SIZE=2>chmod 544 /a/etc/init.d/sshd</FONT>
<BR><FONT SIZE=2>ln -s /etc/init.d/sshd /a/etc/rc2.d/S98sshd</FONT>
<BR><FONT SIZE=2>ln -s /etc/init.d/prngd /a/etc/rc2.d/S98prngd</FONT>
<BR><FONT SIZE=2>cp ${SU_CONFIG_DIR}/packages/sshpkgs/hosts.allow /a/etc/.</FONT>
<BR><FONT SIZE=2>cp ${SU_CONFIG_DIR}/packages/sshpkgs/hosts.deny /a/etc/.</FONT>
<BR><FONT SIZE=2>cd /var</FONT>
<BR><FONT SIZE=2>mkdir -p spool/prngd</FONT>
<BR><FONT SIZE=2>/a/usr/local/bin/prngd /var/spool/prngd/pool</FONT>
<BR><FONT SIZE=2>sleep 3</FONT>
<BR><FONT SIZE=2>echo "###################################"</FONT>
<BR><FONT SIZE=2>echo "Attempting to create socket: "pool""</FONT>
<BR><FONT SIZE=2>echo "###################################"</FONT>
<BR><FONT SIZE=2>sleep 3</FONT>
<BR><FONT SIZE=2>/a/usr/local/bin/ssh-keygen -t rsa1 -f /a/usr/local/etc/ssh_host_key -N ""</FONT>
<BR><FONT SIZE=2>/a/usr/local/bin/ssh-keygen -t dsa -f /a/usr/local/etc/ssh_host_dsa_key -N ""</FONT>
<BR><FONT SIZE=2>/a/usr/local/bin/ssh-keygen -t rsa -f /a/usr/local/etc/ssh_host_rsa_key -N ""</FONT>
<BR><FONT SIZE=2>echo "##########################################"</FONT>
<BR><FONT SIZE=2>--------------text snipped---------------</FONT>
</P>
<BR>
<P><FONT SIZE=2>Any ideas? All advice appreciated and I thank you in advance</FONT>
</P>
<P><FONT SIZE=2>Kyle</FONT>
</P>
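<P><FONT SIZE=2>The run-once approach suggested in the reply at the top of this message, sketched as an added example that is not part of the original thread or of OpenSSH: a first-boot rc script that creates only the missing host keys and removes itself once all three exist. The script name S99sshkeygen is a hypothetical choice; the key types and paths mirror the quoted script with the /a prefix dropped.</FONT></P>
<PRE>
```shell
#!/bin/sh
# Added example (not from the thread): run-once host key generation at first boot.
# Assumed install name /etc/rc3.d/S99sshkeygen (hypothetical). It runs on the
# real root, after the rc2.d S98prngd link from the quoted script, so paths
# compiled into ssh-keygen resolve without the /a prefix.

KEYDIR=${KEYDIR:-/usr/local/etc}              # key directory used in the thread
KEYGEN=${KEYGEN:-/usr/local/bin/ssh-keygen}   # binary path used in the thread

# gen_missing_host_keys DIR
# Creates each host key that is absent or empty; existing keys are untouched.
# Returns 0 only when all three keys exist afterwards.
gen_missing_host_keys() {
    dir=$1
    rc=0
    for t in rsa1 dsa rsa; do
        case $t in
            rsa1) file=$dir/ssh_host_key ;;
            *)    file=$dir/ssh_host_${t}_key ;;
        esac
        if [ -s "$file" ]; then
            continue                          # never overwrite a host key
        fi
        rm -f "$file" "$file.pub"             # clear a truncated earlier attempt
        if "$KEYGEN" -t "$t" -f "$file" -N "" >/dev/null 2>/dev/null \
                && [ -s "$file" ]; then
            chmod 600 "$file"                 # private key readable by owner only
        else
            echo "sshkeygen: could not create $file" >&2
            rc=1
        fi
    done
    return $rc
}

main() {
    if gen_missing_host_keys "$KEYDIR"; then
        rm -f "$0"      # all keys present: the script removes itself
    fi                  # on failure it stays in place and retries next boot
}

# Run only when invoked under the assumed rc name, so sourcing is side-effect free.
case $0 in
    */S99sshkeygen) main ;;
esac
```
</PRE>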
</BODY>
</HTML>