https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285753#M181127 Thanks all! Wed, 26 May 2004 03:16:54 GMT Adam Noble 2004-05-26T03:16:54Z https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285749#M181123 All hope somebody can help!!<BR /><BR />We use SSH on our servers and have been running a script which triggers numerous ssh connections to be established over a small period. This script works fine in the day however at 4 am in the morning we get the above error "PRNG not seeded"<BR /><BR />I am aware this means that it cannot establish the pseudo random number generator and this is required for the encryption for SSH. From the reading I have done I believe the problem is the fact that there is not enough activity on the system at the time the script is ran (not enough entropy, therefore randomeness). <BR /><BR />I'm happy this is the cause but I feel the only solution would be to install a random number generator on the server. I'm aware this is available on 11i but is it available on 11.00.<BR /><BR />Thanks<BR /><BR /><BR /><BR /><BR /><BR /> Tue, 25 May 2004 04:13:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285749#M181123 Adam Noble 2004-05-25T04:13:01Z https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285750#M181124 HP only supports Strong Random Number Generation for hpux11.11 I believe. However, there is a few third party (unsupported by HP) tools available. Here is one such tool for hpux11.00:<BR /><BR /><A href="http://www.josvisser.nl/hpux11-random/" target="_blank">http://www.josvisser.nl/hpux11-random/</A><BR /><BR />Another method is to run a dedicated daemon, one is called EGD(Entropy Gathering Daemon):<BR /><BR /><A href="http://www.lothar.com/tech/crypto/" target="_blank">http://www.lothar.com/tech/crypto/</A><BR /><BR /><BR /> Of the two listed above, I would go with the first. The kernel method which builds a /dev/random device.<BR /><BR />An interesting note, I read yesterday that a dedicated Random Number Generator (instead of the psuedo one that hpux uses by default) will increase the speed of some secure applications dramaticaly. Such as, if you have many users using Secure Shell, a dedicated Random Generator will increase performance of the SSH connections.<BR /><BR />Regards,<BR />Michael Tue, 25 May 2004 12:03:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285750#M181124 Michael Denney 2004-05-25T12:03:29Z https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285751#M181125 I started betting this problem about 4 weeks before the NIC card went kaput.<BR /><BR />mstm and make sure the NIC is solid.<BR /><BR />Problems on the target NIC do not usually cause this symptom.<BR /><BR />If booting helps, take a hard look at NIC and cabling.<BR /><BR />SEP Tue, 25 May 2004 12:04:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285751#M181125 Steven E. Protter 2004-05-25T12:04:51Z https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285752#M181126 You can install prngd for 11.0. Grab it from the HPUX porting and archive centre. I've used it on an 11.0 box where krng11i wasn't an option.<BR /><BR /><A href="http://hpux.cs.utah.edu/hppd/hpux/Maths/Misc/prngd-0.9.26/" target="_blank">http://hpux.cs.utah.edu/hppd/hpux/Maths/Misc/prngd-0.9.26/</A><BR /><BR />hope this helps,<BR />-denver Tue, 25 May 2004 12:06:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285752#M181126 Denver Osborn 2004-05-25T12:06:41Z https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285753#M181127 Thanks all! Wed, 26 May 2004 03:16:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh-prng-not-seeded/m-p/3285753#M181127 Adam Noble 2004-05-26T03:16:54Z