Not enough entropy in RNG

Dave Thiede David.Thiede at pnl.gov
Sat Sep 29 01:26:02 EST 2001


I have been experiencing problems with remote data collection systems
reporting not enough entropy in RNG. It mostly seems to be self-correcting
since a retry of the data transport succeeds. One system however shows
the following every time an ssh connection is attempted. Interactive
commands do not seem to be affected. I have perused the code but the
entropy gatherer seems to be fairly simple and I see no reason for the
commands to be mostly timing out. There must be some kind of timer in the
ssh code to cause this that I haven't found yet.

This system is running Solaris 5.7 with a really old version of OpenSSH as
you can see. There are no X windows on these systems nor usually any
keyboard interaction. I have a task to upgrade these systems but from the
release notes, I don't have a very high confidence that an upgrade will
solve this specific problem.

Can anyone shed some light on this situation or provide some pointers to
better ssh system administration information? I have seen this subject pop
up before and haven't been able to find a satisfactory explanation or
solution to entropy problems.

Dave


SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f).
debug: Reading configuration data ~user/.ssh/config
debug: ssh_connect: getuid 100 geteuid 0 anon 0
debug: Connecting to remote-site [ip-address] port 22.
debug: Command 'ls -alni /var/adm' timed out
debug: Command 'ls -alni /var/mail' exit status was 2
debug: Command 'ls -alni /proc' timed out
debug: Command 'ls -alni /tmp' timed out
debug: Command 'netstat -an' timed out
debug: Command 'netstat -in' timed out
debug: Command 'netstat -rn' timed out
debug: Command 'netstat -pn' timed out
debug: Command 'netstat -s' timed out
debug: Command 'arp -a -n' timed out
debug: Command 'ifconfig -a' timed out
debug: Command 'ps -al' timed out
debug: Command 'ps -efl' timed out
debug: Command 'w' timed out
debug: Command 'last' timed out
debug: Command 'df' timed out
debug: Command 'vmstat' timed out
debug: Command 'ipcs -a' timed out
debug: Command 'tail -200 /var/log/syslog' timed out
debug: Command 'tail -200 /var/adm/messages' timed out
debug: Seeded RNG with 8 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
Not enough entropy in RNG
debug: Calling cleanup 0x4b530(0x0)
debug: writing PRNG seed to file ~user/.ssh/prng_seed
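
A triage helper for debug output in the format shown above, added here as an example; it is not part of the original post or of OpenSSH. It tallies which entropy-gathering commands timed out, which exited non-zero, and how many bytes were seeded per source. The name `summarize` and the shortened `SAMPLE` input are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the debug output format in the post.
SAMPLE = """\
debug: Command 'ls -alni /var/adm' timed out
debug: Command 'ls -alni /var/mail' exit status was 2
debug: Command 'netstat -an' timed out
debug: Command 'ps -efl' timed out
debug: Seeded RNG with 8 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
Not enough entropy in RNG
"""

CMD_RE = re.compile(
    r"^debug: Command '(?P<cmd>[^']+)' (?:timed out|exit status was (?P<rc>-?\d+))$")
SEED_RE = re.compile(r"^debug: Seeded RNG with (?P<n>\d+) bytes from (?P<src>.+)$")
FAIL_MSG = "Not enough entropy in RNG"


def summarize(text):
    """Tally entropy-command outcomes and seeded bytes (hypothetical helper)."""
    timed_out, nonzero, seeded, failed = [], [], Counter(), False
    for line in (raw.strip() for raw in text.splitlines()):
        cmd = CMD_RE.match(line)
        seed = SEED_RE.match(line)
        if cmd and cmd.group("rc") is None:
            timed_out.append(cmd.group("cmd"))  # no exit status: timed out
        elif cmd and int(cmd.group("rc")) != 0:
            nonzero.append((cmd.group("cmd"), int(cmd.group("rc"))))
        elif seed:
            seeded[seed.group("src")] += int(seed.group("n"))
        elif line == FAIL_MSG:
            failed = True
    return {
        "timed_out": timed_out,
        "timed_out_by_binary": dict(Counter(c.split()[0] for c in timed_out)),
        "nonzero_exit": nonzero,
        "seeded_bytes": dict(seeded),
        "seeded_total": sum(seeded.values()),
        "rng_failed": failed,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run over captures from several hosts, the per-binary timeout counts show whether one command hangs or every external command does.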



