openssl 9.3 and openssl 3.1
Nathan Wagner
nw at hydaspes.if.org
Sun Mar 19 12:15:01 AEDT 2023
I'm trying to compile openssh with openssl 3.1 on a linux machine with
kernel 4.15.10. I seem to get stuck at:

configure: error: OpenSSH has no source of random numbers. Please
configure OpenSSL with an entropy source or re-run configure using one
of the --with-prngd-port or --with-prngd-socket options

I haven't done anything special in configuring openssl. If I have read
the configuration for openssl correctly, it will default to the 'os'
source, which I think then is getrandom(2).

I think the check in openssh for this is a call to RAND_status(), which
is apparently returning a failure.

I can't compile without openssl, because I need to allow RSA keys.

Any workarounds? Ideas follow.

Compile openssh with /dev/urandom as the prngd-socket?

Edit the configure script to force a success where RAND_status()
is called?

Call whatever openssl needs to initialize the random seed somewhere
early in openssh startup? It may already do this, I see calls to
RAND_seed() in sshd.c.

More generally, would it make sense (on linux at least) to use
getrandom() if available, or /dev/urandom otherwise regardless
of whether or not openssl is used?
--
nw
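
The fallback order raised in the last paragraph of the message above (getrandom(2) when the kernel offers it, /dev/urandom otherwise), as an added example that is not part of the original post and is not OpenSSH or OpenSSL code. It assumes Linux; `fill_random`, `urandom_bytes` and `rnd_source` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

enum rnd_source { SRC_NONE, SRC_GETRANDOM, SRC_URANDOM }; /* hypothetical names */
/* Read exactly len bytes from /dev/urandom: 0 on success, -1 on failure. */
static int urandom_bytes(unsigned char *buf, size_t len)
{
    size_t off = 0;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n > 0) off += (size_t)n;
        else if (n < 0 && errno == EINTR) continue;
        else break;                 /* EOF or hard error */
    }
    close(fd);
    return off == len ? 0 : -1;
}

/* Prefer getrandom(2); on any failure fall back to /dev/urandom. */
static int fill_random(unsigned char *buf, size_t len, enum rnd_source *src)
{
    size_t off = 0;
    *src = SRC_NONE;
#ifdef SYS_getrandom
    while (off < len) {
        long n = syscall(SYS_getrandom, buf + off, len - off, 0);
        if (n > 0) off += (size_t)n;
        else if (n < 0 && errno == EINTR) continue;
        else break;                 /* e.g. ENOSYS or a seccomp denial */
    }
    if (off == len) { *src = SRC_GETRANDOM; return 0; }
#endif
    if (urandom_bytes(buf, len) != 0) return -1;
    *src = SRC_URANDOM;
    return 0;
}

int main(void)
{
    unsigned char seed[32];
    enum rnd_source src;
    int rc = fill_random(seed, sizeof seed, &src);
    puts(rc ? "no source" : src == SRC_GETRANDOM ? "getrandom(2)" : "/dev/urandom");
    return rc != 0;
}
```

Running it on the build host reports which of the two kernel sources actually delivers bytes there.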