Either /dev/random *OR* PRNGd.
- Ben
On 28 Sep 2001, Ben Ricker wrote:
> I am a little confused: do you need both /dev/random AND PRNGd or either
> /dev/random OR PRNGd when running SSH on Solaris?
>
> Ben Ricker
> System Administrator
> Wellinx.com
>
> On Fri, 2001-09-28 at 13:27, [EMAIL PROTECTED] wrote:
> >
> > OpenSSH has had a built-in entropy system for a long time. I strongly
> > suggest anyone on Solaris to run PRNGd. It is a much smaller footprint
> > than egd (since it does not use perl), and it is very well written.
> >
> > Any built-in entropy system for OpenSSH or commercial SSH is going to be
> > short term and not be as good in quality as /dev/{u}random or PRNGd.
> >
> > - Ben
> >
> > On Fri, 28 Sep 2001, Phil Stracchino wrote:
> >
> > > On Fri, Sep 28, 2001 at 08:26:02AM -0700, Dave Thiede wrote:
> > > >
> > > > I have been experiencing problems with remote data collection systems
> > > > reporting not enough entropy in RNG. It mostly seems to be self correcting
> > > > since a retry of the data transport succeeds. One system however shows
> > > > the following every time an ssh connection is attempted. Interactive
> > > > commands do not seem to be affected. I have perused the code but the
> > > > entropy gatherer seems to be fairly simple and I see no reason for the
> > > > commands to be mostly timing out. There must be some kind of timer in the
> > > > ssh code to cause this that I haven't found yet.
> > > >
> > > > This system is running Solaris 5.7 with a really old version of OpenSSH as
> > > > you can see. There are no X windows on these systems nor usually any
> > > > keyboard interaction. I have a task to upgrade these systems but from the
> > > > release notes, I don't have a very high confidence that an upgrade will
> > > > solve this specific problem.
> > >
> > > What are you using as an entropy source for SSH on this machine? You
> > > should of course be aware that Solaris does not have a /dev/random or
> > > /dev/urandom (bad Sun, bad!, no donut), and therefore an external entropy
> > > source is required in order to use SSH on Solaris. There are several out
> > > there, and I've never had any joy with either of them.
> > >
> > > An entropy source is included with OpenSSH releases from 2.9 on. I find
> > > this makes things much happier than trying to use any of the standalone
> > > entropy gatherers like egd. In this case, upgrading very probably *will*
> > > solve your problem.
> > >
> > >
> > >
> > > --
> > > Linux Now! .........Because friends don't let friends use Microsoft.
> > > phil stracchino :: [EMAIL PROTECTED] :: [EMAIL PROTECTED]
> > > unix ronin :::: renaissance man :::: mystic zen biker geek
> > > 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]