On Thu, Apr 12, 2001 at 01:21:43AM +0100, Jon Wilson wrote:
> The OpenSSH was compiled from source. Redhat Sparc is very like Redhat
> i386, and does have /dev/random
> 
> I have not been able to replicate this. Any ideas about how I might do so,
> or other (more technical?) forums I might discuss this matter in? I like
> (open)ssh, but it is not much use if it randomly crashes on boxes I have
> poor physical access to.

The best forum would probably be the specific openssh-unix-dev mailing list.
With respect to your problem: the error message you cited,

> > On Wed, Apr 11, 2001 at 01:43:48AM +0100, Jon Wilson wrote:
> > > I am getting the error: "Couldn't obtain random bytes (error 604389476)"
> > > from my openssh daemon.

means that the Pseudo Random Number Generator of the OpenSSL package
(that is used by OpenSSH) did not receive enough entropy.
When not enough seed was supplied, the OpenSSL PRNG will query the
/dev/urandom device to get additional entropy. Since /dev/urandom
is available on Linux and by definition will never be exhausted and will
return as many "random bytes" as requested, you should never (read this
N-E-V-E-R) see this error as it should be impossible to occur.

Consequently I consider this to be a serious issue that will however
be difficult to track down if it is hard to reproduce.
* /dev/urandom fails to supply entropy. This would be a kernel bug.
* The OpenSSL library fails to read from /dev/urandom. Why should this
  happen? Wrong permissions on /dev/urandom? But sshd is run by root...
  A bug in the OpenSSL library? I don't think so, the code in question
  is rather simple and no such failure has been reported for years.
  (A compiler error damaging OpenSSL functionality???)
* Something odd with OpenSSH, but even then, the OpenSSL library will
  query /dev/urandom itself, so it _cannot_ be OpenSSH...

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
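
Added example, not part of the original message and not code from OpenSSL or OpenSSH: a small C probe for the first two hypotheses in the reply above (the device node fails to supply bytes, or a process cannot read from it). The function name `probe_random_device` and the status codes are hypothetical; run it as the same user and in the same environment (for example inside a chroot) as the affected daemon.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical status codes, one per failure mode being told apart. */
enum rnd_status { RND_OK = 0, RND_STAT_FAILED, RND_NOT_CHARDEV,
                  RND_OPEN_FAILED, RND_READ_FAILED, RND_SHORT_READ };

/* Probe one device node: is it there, is it a character device,
 * can it be opened, and does it deliver `want` bytes (capped at 64)? */
enum rnd_status probe_random_device(const char *path, size_t want)
{
    struct stat st;
    unsigned char buf[64];
    size_t got = 0;

    if (want > sizeof buf)
        want = sizeof buf;
    if (stat(path, &st) != 0)
        return RND_STAT_FAILED;      /* node missing, e.g. absent in a chroot */
    if (!S_ISCHR(st.st_mode))
        return RND_NOT_CHARDEV;      /* regular file or directory in its place */

    int fd = open(path, O_RDONLY | O_NOCTTY);
    if (fd < 0)
        return RND_OPEN_FAILED;      /* permissions or descriptor exhaustion */

    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && errno == EINTR)
            continue;                /* interrupted by a signal: retry */
        if (n < 0) { close(fd); return RND_READ_FAILED; }
        if (n == 0) { close(fd); return RND_SHORT_READ; } /* EOF: no bytes */
        got += (size_t)n;
    }
    close(fd);
    return RND_OK;
}

int main(void)
{
    enum rnd_status s = probe_random_device("/dev/urandom", 32);
    printf("/dev/urandom probe status: %d\n", (int)s);
    return s == RND_OK ? 0 : 1;
}
```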
