>From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
>> After upgrading to openSSL-0.9.6g and reinstalling 
>openssh_3.4p1, I can't get ssh or sshd to work. As soon as I 
>try to start the sshd daemon or an ssh session, I immediately 
>get the command line error "PRNG is not seeded".

>I doubt that your observation has in fact to do with the new 
>OpenSSL version.
>* Did you recompile everything?

I recompiled openssl from source but I used pkgadd (Solaris "rpm") to install 
openssh... hmmm...

>* Did "configure" pick up the PRNGD socket at the correct location?

Didn't run configure since I used pkgadd.

>* Run prngd in "-d" mode. It should show the incoming request 
>  to obtain entropy bytes and its service.

I don't see any debug from prngd when I try to start ssh.

>* Use trace/strace/tusc (or what the system call tracer is 
>  called on your platform) to check out whether the socket is contacted at all.

On Solaris, it's "truss" - Aha! Last thing before dying is that ssh tries to open 
/dev/urandom - which I don't have. So it looks like it is not requesting from prngd.

So, it looks like the newly installed ssh is trying to get its entropy from 
/dev/urandom instead of prngd. That would explain the "not seeded" error. 
Incidentally, apache/mod_ssl is working fine with this prngd so, indeed, the problem 
doesn't lie there. It therefore looks like I need to sort out ssh. I would compile it 
from source but I run into the famous "Your OpenSSL headers do not match your library" 
error.

I don't really see why it is complaining - is it finding a mismatch between 
/usr/local/ssl/include/*.h and /usr/local/ssl/lib/libssl.a? 

Should I do a full re-install of openssl?

Rgds,

Owen Boyle
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
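
The truss check described in the message above, as an added example that is not part of the original post: a shell filter that reads truss- or strace-style output and reports whether the traced process tried a random device, an EGD/PRNGD-style socket, or neither. The function names, the path keywords it matches and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise which entropy sources a
# traced process tried, from truss- or strace-style output on stdin.

# Print "<call> <path> <ok|failed>" for every open/connect whose quoted
# path looks like a random device or an EGD/PRNGD-style socket.
# The keyword list (random, egd, prngd, entropy) is an assumption.
entropy_attempts() {
    awk '
    /^[^"]*(open|open64|openat|connect)\(/ &&
    match($0, /"[^"]*(random|egd|prngd|entropy)[^"]*"/) {
        path = substr($0, RSTART + 1, RLENGTH - 2)
        call = ($0 ~ /connect\(/) ? "connect" : "open"
        # truss marks failures with Err#N, strace with "= -1 "
        status = ($0 ~ /Err#[0-9]+|= -1 /) ? "failed" : "ok"
        print call, path, status
    }'
}

# Reduce the attempts to a single verdict.
entropy_verdict() {
    entropy_attempts | awk '
    $1 == "connect"                { sock = 1 }
    $1 == "open" && $3 == "ok"     { dev_ok = 1 }
    $1 == "open" && $3 == "failed" { dev_fail = 1 }
    END {
        if (sock)          print "socket-contacted"
        else if (dev_ok)   print "device-ok"
        else if (dev_fail) print "device-missing-no-socket"
        else               print "no-entropy-source-seen"
    }'
}

# Constructed sample in truss format, modelled on the symptom in the message:
# the device open fails and no socket is ever contacted.
sample_trace() {
    cat <<'EOF'
open("/dev/urandom", O_RDONLY)			Err#2 ENOENT
close(3)					= 0
EOF
}

sample_trace | entropy_verdict
```

A "device-missing-no-socket" verdict matches the situation in the message: the binary only looks for a random device, so a running prngd is never asked. Some tracers print only the address pointer for connect() unless run verbosely, in which case socket attempts will not show a path to match.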
