Absolutely. The best option is NOT to use ssh-rand-helper. You need HCR77A0 or later to get ICSF /dev/random support *without* a crypto-express card.
If you look at our "IBM Ported Tools OpenSSH - Quick Install Guides" - http://dovetail.com/docs/coz/coz_index.html there is information on setup of /dev/random. Also - if you upgrade to z/OS OpenSSH 1.3 then you MUST use /dev/random. The crappy ssh-rand-helper is no longer an option. Kirk Wolf Dovetailed Technologies http://dovetail.com On Tue, Apr 14, 2015 at 6:56 AM, Mark Jacobs - Listserv < [email protected]> wrote: > You might want to consider upgrading ICSF to HCR77A1 or higher. If you do > you'll be able to use the hardware based random number generator even if > your processor doesn't have CryptoExpress cards installed. > > Mark Jacobs > > > Dazzo, Matt <mailto:[email protected]> >> April 14, 2015 at 7:51 AM >> >> We get this error intermittently on zos1.13. From my reading of the IBM >> Ported tools book and some help from Dovetailed a possible solution is to >> add environment variable _ZOS_SSH_PRNG_CMDS_TIMEOUT and increase the time >> out value. For testing purposes I added _ZOS_SSH_PRNG_CMDS_TIMEOUT=2000 >> to my user .profile. I then logoff and log on, enter into omvs and enter >> the env command to see if the variable is set. I do not see that variable >> in the list displayed. Am I adding this correctly? How do I check to see if >> the new variable has been set? >> >> Thanks, >> Matt >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> >> >> Please be alert for any emails that may ask you for login information or >> directs you to login via a link. If you believe this message is a phish or >> aren't sure whether this message is trustworthy, please send the original >> message as an attachment to '[email protected]'. >> >> > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
