openssh 9.3 and openssl 3.1

Nathan Wagner nw at hydaspes.if.org
Sun Mar 19 12:15:01 AEDT 2023


I'm trying to compile openssh with openssl 3.1 on a linux machine with
kernel 4.15.10.  I seem to get stuck at:

configure: error: OpenSSH has no source of random numbers. Please
configure OpenSSL with an entropy source or re-run configure using one
of the --with-prngd-port or --with-prngd-socket options

I haven't done anything special in configuring openssl.  If I have read
the configuration for openssl correctly, it will default to the 'os'
source, which I think then is getrandom(2).

I think the check in openssh for this is a call to RAND_status(), which
is apparently returning a failure.

I can't compile without openssl, because I need to allow RSA keys.

Any workarounds? Ideas follow.

Compile openssh with /dev/urandom as the prngd-socket?

Edit the configure script to force a success where RAND_status()
is called?

Call whatever openssl needs to initialize the random seed somewhere
early in openssh startup?  It may already do this, I see calls to
RAND_seed() in sshd.c.

More generally, would it make sense (on linux at least) to use
getrandom() if available, or /dev/urandom otherwise regardless
of whether or not openssl is used?

-- 
nw
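The last question in the post above asks whether OpenSSH could read getrandom(2) where it exists and fall back to /dev/urandom otherwise, independent of OpenSSL. The following is an added example of exactly that fallback logic; it is not code from the original message or from the OpenSSH or OpenSSL projects. It assumes a Linux/glibc build (the SYS_getrandom syscall number comes from <sys/syscall.h>; on kernels older than 3.17 the syscall returns ENOSYS, which triggers the /dev/urandom path) and that /dev/urandom is present. The function names secure_random_bytes, urandom_fill and self_check are this example's own.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/syscall.h>
#endif

/*
 * Read exactly len bytes from /dev/urandom into buf.
 * Returns 0 on success, -1 on failure (errno set by the failing call).
 * Short reads and EINTR are retried; EOF is treated as a hard failure,
 * because a character device that reports EOF is not a usable entropy source.
 */
static int urandom_fill(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t r = read(fd, buf + got, len - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        if (r == 0) {
            close(fd);
            errno = EIO;
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/*
 * Fill buf with len bytes of kernel randomness.
 * Prefers getrandom(2) with flags=0: it needs no file descriptor (works in a
 * chroot or after fd exhaustion) and blocks until the kernel pool has been
 * initialised rather than handing out early-boot bytes. If the syscall is
 * missing (ENOSYS on pre-3.17 kernels, or a non-Linux build) it falls back
 * to /dev/urandom. Returns 0 on success, -1 on failure.
 */
int secure_random_bytes(unsigned char *buf, size_t len)
{
#if defined(__linux__) && defined(SYS_getrandom)
    size_t got = 0;
    while (got < len) {
        long r = syscall(SYS_getrandom, buf + got, len - got, 0);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            if (errno == ENOSYS)
                break;          /* no getrandom(2): use the device file */
            return -1;
        }
        got += (size_t)r;
    }
    if (got == len)
        return 0;
#endif
    return urandom_fill(buf, len);
}

/*
 * Liveness check in the spirit of a configure-time probe: draw two 32-byte
 * values and require that both calls succeed, the outputs differ, and the
 * first is not all zeros. Returns 1 when the source looks healthy, else 0.
 */
int self_check(void)
{
    unsigned char a[32], b[32], zero[32];
    memset(zero, 0, sizeof zero);
    if (secure_random_bytes(a, sizeof a) != 0)
        return 0;
    if (secure_random_bytes(b, sizeof b) != 0)
        return 0;
    if (memcmp(a, b, sizeof a) == 0)
        return 0;
    if (memcmp(a, zero, sizeof a) == 0)
        return 0;
    return 1;
}

int main(void)
{
    unsigned char buf[16];
    if (secure_random_bytes(buf, sizeof buf) != 0) {
        perror("secure_random_bytes");
        return 1;
    }
    for (size_t i = 0; i < sizeof buf; i++)
        printf("%02x", buf[i]);
    putchar('\n');
    return self_check() ? 0 : 1;
}
```

Build with `cc -o randcheck randcheck.c` and run it; a non-zero exit means neither getrandom(2) nor /dev/urandom delivered usable bytes, which is the situation the configure error in the post is guarding against. Note that this only covers the kernel side: an OpenSSL built with a seed source that does not work on the target still fails its own RAND_status() check regardless of what the calling program does.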


More information about the openssh-unix-dev mailing list