Error when cross configuring openssh 4.2p1

Darren Tucker dtucker at zip.com.au
Sat Oct 15 14:40:17 EST 2005


openssh at baker-net.org.uk wrote:
> On Tuesday 11 October 2005 23:24, Darren Tucker wrote:
>> http://bugzilla.mindrot.org/show_bug.cgi?id=1097
>>
>> I'm pretty sure it addresses #1, not sure about #2.
>>
>> If you can confirm that it works OK then we can apply it too.
> 
> I can confirm that it fixes the first problem but not the second. I've only 
> tried building so far, not running but as I'm running a version I built by 
> defaulting the first test I'm fairly confident this patch will behave the 
> same.

I've attached another patch which tries to fix the /etc/default/login thing.

> I also noticed that the code to build /etc/ssh/ssh_prng_cmds generates 
> commands that work on the host rather than the target when cross compiling. 
> This doesn't matter too much as it won't be used unless the user specifies 
> --with-rand-helper as it is assumed SSL's PRNG is seeded internally for cross 
> compiles but the failure mechanism isn't good - If I'm reading correctly any 
> commands not supported on the target will just not be used for entropy 
> generation potentially resulting in lower than expected entropy, possibly 
> even completely predictable on small systems. As it isn't possible to 
> generate this reliably when cross compiling the ideal option would be to 
> force the user to supply a file of commands to use if it will be used but I'm 
> happy to accept that may be too much effort to be worthwhile for a rare 
> problem.

Regardless of where the commands come from, you still have to have 
enough of them working to provide enough entropy (based on the 
entropy-per-byte estimates in ssh_prng_cmds) for OpenSSL's prng to 
consider itself seeded.

> If you want a cross compile environment to test any future patches in then Dan 
> Kegel's crosstool[...]

Thanks, I'll check that out.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
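
Added example (not part of the original message, and not OpenSSH code): a pre-deployment check for the failure mode discussed above, listing which ssh_prng_cmds entries point at programs that are absent from the target's root filesystem. The three-field `"command args" path rate` layout, the `undef` placeholder and the sysroot directory are assumptions, and the sample file is constructed.

```python
import os
import shlex
import tempfile

# Constructed sample in the assumed ssh_prng_cmds layout: "command args" path rate
SAMPLE = '''
# "program-name args" path rate
"ls -alni /var/log"   /bin/ls        0.02
"netstat -an"         /bin/netstat   0.05
"ps -efl"             /usr/bin/ps    0.03
"vmstat"              undef          0.01
'''

def parse_prng_cmds(text):
    """Return (cmdline, path, rate) tuples, skipping comments and blank lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # honours the quoted command string
        if len(fields) == 3:
            entries.append((fields[0], fields[1], float(fields[2])))
    return entries

def audit(text, sysroot):
    """Split entries into those runnable on the target and those that are not."""
    usable, missing = [], []
    for cmdline, path, rate in parse_prng_cmds(text):
        # Caveat: an absolute symlink in the sysroot resolves against the host.
        target = os.path.join(sysroot, path.lstrip("/"))
        if path != "undef" and os.path.isfile(target) and os.access(target, os.X_OK):
            usable.append((cmdline, rate))
        else:
            missing.append((cmdline, path))
    return usable, missing

def demo():
    """Build a throwaway sysroot that only ships /bin/ls and audit SAMPLE."""
    with tempfile.TemporaryDirectory() as sysroot:
        os.makedirs(os.path.join(sysroot, "bin"))
        ls = os.path.join(sysroot, "bin", "ls")
        with open(ls, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(ls, 0o755)
        return audit(SAMPLE, sysroot)

if __name__ == "__main__":
    usable, missing = demo()
    print("usable on target:", usable)
    print("not on target:", missing)
```

A short or empty usable list is the signal to supply a target-specific command file before relying on the helper.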




More information about the openssh-unix-dev mailing list