HPE Community
Operating System - HP-UX
1753804 Members
7686 Online
108805 Solutions
New Discussion юеВ

ssh-rand-helper eating up cpu time

 
Robert Early_3
Advisor

тАО02-14-2003 04:06 AM

тАО02-14-2003 04:06 AM

ssh-rand-helper eating up cpu time

I have installed the latest version of openssh, but what I see appearing are several "ls" processes being spawned by ssh-rand-helper that take up an awful lot of cpu time. I had a look at ssh_prng_cmds which I assume defines what commands the ssh-rand-helper program uses? I tried commenting out all the ls commands from this but yet the appear. Anyone have any idea how to reduce the CPU usage of it?
0 Kudos
Reply
2 REPLIES 2
Berlene Herren
Honored Contributor

тАО02-18-2003 07:17 AM

тАО02-18-2003 07:17 AM

Re: ssh-rand-helper eating up cpu time

these commands are used to generate the seed for the pseudo-random number generator (PRNG). The quality of the encryption is dependent on the quality of the random numbers generated by the PRNG. The commands
run to seed the PRNG each have a "rating" of how random the bits they
produce are (it's the last item on each line of that file). If you just start removing lines, it may not be able to generate enough bits to seed the PNRG and ssh will then refuse to run.

The commands that are being run are listed in /opt/ssh/etc/ssh_prng_cmds. If you wish to remove things from the list of commands, that is where to do so.


Windows doesn't run these commands because some of these commands don't
exist in windows. I haven't looked at how windows does it. Windows may do something similar or it may use one of the other methods of seeding
the PRNG. In a future release of HP-UX, it is planned that something
called /dev/random (might have a different name) where the OS provides random numbers directly. When this is available, SSH can use it and be made much faster. Some competing OS already have something like
/dev/random. There are a couple of other randowm number generating system out there. The method used by SSH was chosen because it is the most universal and does not require other packages to be installed.

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
rick jones
Honored Contributor

тАО02-18-2003 11:06 AM

тАО02-18-2003 11:06 AM

Re: ssh-rand-helper eating up cpu time

Indeed, there is a web release of bits to implement /dev/random for HP-UX 11i. If you go to www.software.hp.com and search for "random" you should find "HP-UX Strong Random Number Generator" as a no-charge download.

As for its being used by OpenSSH under HP-UX, that is left as an excercise to the reader :) If the HP-supplied SSH bits (also on www.software.hp.com) do not use it (tusc would show an opening of /dev/random) that would (IMO) warrant the submittal of an ER against the HP SSH bits. It would be an ER and not a CR/SR because the SSH bits shipped before the /dev/random bits were out there :)
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.