I am a little confused: do you need both /dev/random AND PRNGd or either
/dev/random OR PRNGd when running SSH on Solaris?
Ben Ricker
System Administrator
Wellinx.com
On Fri, 2001-09-28 at 13:27, [EMAIL PROTECTED] wrote:
>
> OpenSSH has has a built in entropy system for a long time. I strong
> suggest anyone on Solaris to run PRNGd. It is a much smaller foot print
> then egd (since it does not use perl), and it is very well written.
>
> Any built in entropy system for OpenSSH or commerical SSH is going to be
> short term and not be as good in quality as /dev/{u}random or PRNGd.
>
> - Ben
>
> On Fri, 28 Sep 2001, Phil Stracchino wrote:
>
> > On Fri, Sep 28, 2001 at 08:26:02AM -0700, Dave Thiede wrote:
> > >
> > > I have been experiencing problems with remote data collection systems
> > > reporting not enough entropy in RNG. It mostly seems to be self correcting
> > > since a retry of the data transport succeeds. One system however shows
> > > the following everytime an ssh connection is attempted. Interactive
> > > commands do not seem to be affected. I have perused the code but the
> > > entropy gatherer seems to be fairly simple and I see no reason for the
> > > commands to be mostly timing out. There must be some kind of timer in the
> > > ssh code to cause this that I haven't found yet.
> > >
> > > This system is running Solaris 5.7 with a really old version of openSSH as
> > > you can see. There are no X windows on these sysetms nor usually any
> > > keyboard interaction. I have a task to upgrade these systems but from the
> > > release notes, I don't have a very high confidence that an upgrade will
> > > solve this specific problem.
> >
> > What are you using as an entropy source for SSH on this machine? You
> > should of course be aware that Solaris does not have a /dev/random or
> > /dev/urandom (bad Sun, bad!, no donut), and therefore an external entropy
> > source is required in order to use SSH on Solaris. There are several out
> > there, and I've never had any joy with either of them.
> >
> > An entropy source is included with OpenSSH releases from 2.9 on. I find
> > this makes things much happier than trying to use any of the standalone
> > entropy gatherers like egd. In this case, upgrading very probably *will*
> > solve your problem.
> >
> >
> >
> > --
> > Linux Now! .........Because friends don't let friends use Microsoft.
> > phil stracchino :: [EMAIL PROTECTED] :: [EMAIL PROTECTED]
> > unix ronin :::: renaissance man :::: mystic zen biker geek
> > 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
