https://community.hpe.com/t5/operating-system-hp-ux/hp-secure-shell-3-61-001-still-broken-on-non-dev-urandom-systems/m-p/3074351#M751640 Hi, <BR /><BR />Experiencing the same problem on 11.00<BR /> PRNG seed extration failed<BR /> ssh-rand-helper child produced insufficient data<BR />Adapted the ssh_prng_cmds as described above<BR /><BR />Thnx a lot<BR /> Fri, 17 Oct 2003 02:40:54 GMT TEC-HP 2003-10-17T02:40:54Z https://community.hpe.com/t5/operating-system-hp-ux/hp-secure-shell-3-61-001-still-broken-on-non-dev-urandom-systems/m-p/3074350#M751639 Hi there,<BR /><BR />I just installed the new HP ssh 3.61.001 and had to find out that the<BR />ssh_prng_cmds ist still broken.<BR />HP: Your programmers are real funny people. They tried to fix the broken<BR />file and they managed to fix 2 (letters two) lines:<BR /><BR /><SNIP><BR />"ls -alni /var/log" /usr/bin/ls 0.02<BR />"ls -alni /var/adm" /usr/bin/ls 0.02<BR />"ls -alni /var/log" @PROG_LS@ 0.02<BR />"ls -alni /var/adm" @PROG_LS@ 0.02<BR />..<BR /><SNIP><BR /><BR />These 2 lines are correct now... but all the others are still not.<BR /><BR />So I'm asking again: Can you please fix this file so entropy is<BR />generated on non /dev/urandom machines too?<BR />Alternatively you can distribute the RNG patch for 11.00 and 11.22 too...<BR />but I think the first thing is easier.<BR /><BR />BTW: Why is there no RNG for 11.22 yet?<BR /><BR />Some of the commands in the ssh_prng_cmds file are still not applicable<BR />to HP-UX.. In case you need an exapmle I post my file here:<BR /><BR /><SNIP><BR />"ls -alni /var/log" undef 0.02<BR />"ls -alni /var/adm" /bin/ls 0.02<BR />"ls -alni /usr/adm" /bin/ls 0.02<BR />"ls -alni /var/mail" /bin/ls 0.02<BR />"ls -alni /usr/mail" /bin/ls 0.02<BR />"ls -alni /var/adm/syslog" /bin/ls 0.02<BR />"ls -alni /usr/adm/syslog" /bin/ls 0.02<BR />"ls -alni /tmp" /bin/ls 0.02<BR />"ls -alni /var/tmp" /bin/ls 0.02<BR />"ls -alni /usr/tmp" /bin/ls 0.02<BR /><BR />"netstat -an" /bin/netstat 0.05<BR />"netstat -in" /bin/netstat 0.05<BR />"netstat -rn" /bin/netstat 0.02<BR />"netstat -p tcp" /bin/netstat 0.02<BR />"netstat -s" /bin/netstat 0.02<BR />"netstat -is" /bin/netstat 0.07<BR /><BR />"arp -an" /usr/sbin/arp 0.02<BR /><BR />"ps laxww" /bin/ps 0.03<BR />"ps -al" /bin/ps 0.03<BR />"ps -efl" /bin/ps 0.03<BR /><BR />"w" /bin/w 0.05<BR /><BR />"who -u" /bin/who 0.01<BR /><BR />"last" /bin/last 0.01<BR /><BR /># Dn't include df here... stale NFS will hang ssh then<BR />#"df" /bin/df 0.01<BR />#"df -i" /bin/df 0.01<BR /><BR /><BR />"vmstat" /bin/vmstat 0.01<BR />"uptime" /bin/uptime 0.01<BR /><BR />"ipcs -a" /bin/ipcs 0.01<BR /><BR />"tail -200 /var/adm/syslog/syslog.log" /bin/tail 0.01<BR />"tail -200 /var/adm/syslog/mail.log" /bin/tail 0.01<BR />"tail -200 /usr/tivoli/lcf/dat/1/lcfd.log" /bin/tail 0.01<BR /><SNIP><BR /><BR />There is a big chance to fix this in 3.7.1 without much trouble.<BR />I think you have to release this version soon because of the security hole<BR />in all versions prior to 3.7.<BR />See also CERT?? Advisory CA-2003-24 Buffer Management Vulnerability in OpenSSH<BR /><BR />Best regards,<BR />Armin<BR /></SNIP></SNIP></SNIP></SNIP> Thu, 18 Sep 2003 14:23:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/hp-secure-shell-3-61-001-still-broken-on-non-dev-urandom-systems/m-p/3074350#M751639 Armin Kunaschik 2003-09-18T14:23:30Z https://community.hpe.com/t5/operating-system-hp-ux/hp-secure-shell-3-61-001-still-broken-on-non-dev-urandom-systems/m-p/3074351#M751640 Hi, <BR /><BR />Experiencing the same problem on 11.00<BR /> PRNG seed extration failed<BR /> ssh-rand-helper child produced insufficient data<BR />Adapted the ssh_prng_cmds as described above<BR /><BR />Thnx a lot<BR /> Fri, 17 Oct 2003 02:40:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/hp-secure-shell-3-61-001-still-broken-on-non-dev-urandom-systems/m-p/3074351#M751640 TEC-HP 2003-10-17T02:40:54Z