[email protected] wrote:
Hello, all
I have a problem using OpenSSH (from the IBM delivered Ported Tools)
with z/OS 1.10. I cannot open a ssh session on one of our sysplexes. I
scanned the syslogd log file and this says:
fatal: ssh-rand-helper child produced insufficient data.
On z/OS 1.8 everything works just fine
I tried to run ssh-rand-helper manually (I know, that this should not be
run normally by hand) and it seems to produce a ~/.ssh/prng_seed.
Did I miss something? Is 1.10 more picky? On our sysprog system we
migrate from 1.8 to 1.10 and back all the time, we have no problems
there...
TIA
Wilco Boschman
The ssh-rand-helper is a very primitive way of generating random
numbers. While there are ways to change the commands used and to
increase the entropy, a better possibility is this:
Your installation seems to be the belastingdienst (Dutch version of the
I.R.S. in the US or the German ZIVIT). I would expect such installations
to be tight on security, therefore: do you by chance have crypto cards
(Crypto Express 2) installed on your zSeries systems? If yes, you can
use the CEX2C hardware to generate random numbers (via /dev/random)
which has much better performance and better randomness.
If you can use this feature, the Ported Tools OpenSSH book has a
description on how to use /dev/random.
--
Ulrich Boche
SVA GmbH, Germany
IBM Premier Business Partner
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
