/dev/random & SSH
02-19-2003 07:47 AM
Re: /dev/random & SSH
03-13-2003 01:10 AM
Re: /dev/random & SSH
Thanks for the install howto, but it seems not to describe the current KRNG11i package.
swlist shows
KRNG11i B.11.11.06 HP-UX 11.11 Strong Random Number Generator
However, no /dev/random or /dev/urandom
a lsdev -e 57 shows
    Character     Block       Driver          Class
       57           1         dmp             vxvm
Also no startup scripts in the package. Any idea how to get the /dev/random devices?
03-13-2003 01:27 AM
Re: /dev/random & SSH
http://sourceforge.net/projects/egd/
Enjoy, have FUN! H.Merijn
03-13-2003 03:43 AM
Re: /dev/random & SSH
Michal
03-13-2003 07:57 AM
Re: /dev/random & SSH
Your paper says: "For HP-SSH to utilize the new RNG no configuration changes need to be made to SSH." That doesn't sound right to me. Openssh's configure script attempts to find your entropy sources, and if it cannot find one, it uses its own fallback internal source. Getting openssh to recognize a new source of entropy, like a newly created /dev/urandom, will require a rebuild, unless I'm missing something.
[...tim spends hour playing with this stuff...]
OK, here's what I think happens. Openssl will detect and use a newly created /dev/[u]random at run time, even if that entropy source didn't exist at build time. But Openssh decides whether or not to use its internal entropy source at build time.
So for example, I had PRNGD running when I built openssl (0.9.6g), and then openssh (3.5p1). Now I stop prngd, and remove its socket. Openssh now stops functioning (i.e., the client dies with "Entropy collection failed" message). I then create HP's new /dev/[u]random devices, and -- whamo! -- openssh starts working again.
I suspect this is because openssh was built to use openssl's entropy, and openssl is smart enough to find the new device at run time. But if openssh was built to use its own entropy source, it will never find /dev/[u]random without a rebuild.
So the question for HP is, what entropy source does HP's SSH product use? My guess is that they'll have to ship a new product to make use of the new /dev/[u]random devices.
-Tim
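
Added example (not part of any post in this thread, and not HP's or OpenSSH's code): a check of which entropy sources are actually present at run time, the condition the test described above depends on. The device names are the ones discussed in the thread; the EGD/PRNGD socket paths are assumed common defaults, and a regular file sitting at a device path is reported as `wrong-type` because it would not be a real random source.

```shell
#!/bin/sh
# Added example: which run-time entropy sources exist on this host?
# /dev/urandom and /dev/random come from the thread; the EGD/PRNGD socket
# paths are assumed common defaults, adjust them to your build.
DEV_CANDIDATES="/dev/urandom /dev/random"
EGD_CANDIDATES="/var/run/egd-pool /dev/egd-pool /etc/egd-pool /etc/entropy"

# Print the kind of object at a path: chardev, socket, wrong-type or missing.
classify_source() {
    if [ -c "$1" ]; then echo chardev
    elif [ -S "$1" ]; then echo socket
    elif [ -e "$1" ]; then echo wrong-type
    else echo missing
    fi
}

# first_usable KIND PATH...: print the first path of the expected kind.
first_usable() {
    want=$1; shift
    for p in "$@"; do
        if [ "$(classify_source "$p")" = "$want" ]; then
            echo "$p"
            return 0
        fi
    done
    return 1
}

# True only if 16 bytes can actually be read from the device.
device_yields_bytes() {
    n=$(dd if="$1" bs=16 count=1 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq 16 ]
}

report() {
    for p in $DEV_CANDIDATES $EGD_CANDIDATES; do
        echo "$p: $(classify_source "$p")"
    done
    if dev=$(first_usable chardev $DEV_CANDIDATES) && device_yields_bytes "$dev"; then
        echo "kernel device usable at run time: $dev"
    elif sock=$(first_usable socket $EGD_CANDIDATES); then
        echo "no kernel device; EGD/PRNGD socket present: $sock"
    else
        echo "no run-time entropy source found"
    fi
    return 0
}

report
```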
03-13-2003 08:07 AM
Re: /dev/random & SSH
By default, I believe HP uses the ~openssh2/etc/ssh_prng_cmds file for its source.
It's just a list of commands and bit rates to generate the entropy.
HTH,
Jeff
03-13-2003 08:46 AM
Re: /dev/random & SSH
# kmadmin -s
Name            ID      Status          Type
=====================================================
krm             1       LOADED          WSIO
rng             2       LOADED          WSIO
#
If it's not loading, check /etc/rc.config.d/kminit and SAM/Kernel/Drivers and make sure rng is listed as a loadable module.
03-13-2003 09:32 AM
Re: /dev/random & SSH
It's not supported on 11.0 & lower.
My $0.02,
Jeff
03-13-2003 09:50 AM
Re: /dev/random & SSH
Thanks,
Chris
03-13-2003 10:01 AM
Re: /dev/random & SSH
I think you can figure out the entropy issue by looking at the files in:
/opt/ssh/src/ssh
According to the SSH O'Reilly book: SSH1 and SSH2 use a kernel-based randomness source if it is available, etc....
I think you only need to recompile if you wanted to use an add-on "randomness source", such as EGD, which is what you would need to do with 11.0.
- Chris