HPE Community
Operating System - HP-UX
1821063 Members
2607 Online
109631 Solutions
New Discussion

Couldn't connect to PRNGD socket "/dev/egd-pool": Connection refused

 
R.SRIDHAR
Occasional Advisor

‎07-27-2009 04:08 PM

‎07-27-2009 04:08 PM

Couldn't connect to PRNGD socket "/dev/egd-pool": Connection refused

When i tried to ssh form a particular account i am getting the following error

==========================
[tibtst2: /home/tibco]$ ssh tibprd3
Couldn't connect to PRNGD socket "/dev/egd-pool": Connection refused
Entropy collection failed
ssh-rand-helper child produced insufficient data
========================
Kindly help me to solve this..
0 Kudos
Reply
1 REPLY 1
Matti_Kurkela
Honored Contributor

‎07-27-2009 05:42 PM

‎07-27-2009 05:42 PM

Re: Couldn't connect to PRNGD socket "/dev/egd-pool": Connection refused

Your tibtst2 machine apparently does not have /dev/random, so you're probably running HP-UX 11.11 or older.

Therefore, your ssh client had to use "ssh-rand-helper" to try to gather enough random numbers for initializing the SSH session keys. "ssh-rand-helper" is a shell script that attempts to use various sources to get random numbers. It is a last resort, to be used only if better alternatives are not available.

Your SSH client apparently isn't the current HP Secure Shell. On some Unix-like operating systems, /dev/egd-pool is the standard location for PRNGD socket, but on HP-UX, the socket is more often found in /var/run/egd-pool.

Prngd is included with HP's OpenSSL packages, and it is automatically used if the OS does not have /dev/random and /dev/urandom. When it starts (normally when the system boots), it automatically creates the egd-pool socket.

Please read:
http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I

If you have a non-HP prngd installed, try restarting it.

HP has a free optional product (a kernel module) for HP-UX 11.11 that provides /dev/random and /dev/urandom and eliminates the need for prngd:
http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I

For 11.23 and newer, the same functionality is included in HP-UX as standard.

Installing the KRNG11i product requires a system reboot, but I'd really recommend installing it for all 11.11 systems where ssh and/or OpenSSL is used a lot. Because the KRNG11i works at the kernel level, it can produce random numbers faster and more reliably than userspace solutions like prngd and ssh-rand-helper.

If your system is running HP-UX 11.00, you might consider this:
http://www.josvisser.nl/hpux11-random/

MK
MK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.