HPE Community
Operating System - HP-UX
1834587 Members
3562 Online
110069 Solutions
New Discussion

Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

 
Jdamian
Respected Contributor

‎09-27-2003 09:30 AM

‎09-27-2003 09:30 AM

Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

After reading Security Bulletin SSRT3629 I installed new HP OpenSSH release (3.61.002) (product number is T1471AA).

But now my scripts fail intermitently. The error message is:

PRNG extraction failed
ssh-rand-helper child produced insufficient data


Can anybody help me ?
Thanx in advance
0 Kudos
Reply
16 REPLIES 16
Berlene Herren
Honored Contributor

‎09-30-2003 03:03 AM

‎09-30-2003 03:03 AM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Try replacing ssh_prng_cmds with a new one from /opt/ssh/old/opt/ssh/newconfig/opt/ssh/etc and try it again.

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Zeev Schultz
Honored Contributor

‎09-30-2003 03:16 AM

‎09-30-2003 03:16 AM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Or install Random Numbers generator if you have hp-ux 11i.

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
So computers don't think yet. At least not chess computers. - Seymour Cray
0 Kudos
Reply
Armin Kunaschik
Esteemed Contributor

‎10-12-2003 09:54 PM

‎10-12-2003 09:54 PM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Hi there,

I described this problem weeks ago and wrote
another description/request here:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=216991
No answer or even a note so far :-(

I posted a sample ssh_prng_cmds, try using this!

HP, please make a statement!
And now for something completely different...
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎10-12-2003 10:43 PM

‎10-12-2003 10:43 PM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Hello Armin,
I have inquired about this before, but I ask you and any others that are having this problem and have support contracts to open a call with our response center. I don't think this can be addressed on the forums, as I have seen no one else with this issue.

Thanks!
Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎10-12-2003 11:27 PM

‎10-12-2003 11:27 PM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

This sounds like a tuning or localized problem to me. My shop is considered a heavy user of these programs and we are not experiencing this problem.

I'd radically check and see if nflocks,nfiles, kernel parameters need adjustment, beause you might be having trouble openning processes.

That also means swap, shmmax, shmseg are suspects but the last two of this group are probably not the problem.

There could be further data in /var/adm/syslog/syslog.log file.

Do either of you have a support contract? It seems HP is obvious to get some data on this problem.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Jdamian
Respected Contributor

‎10-13-2003 12:20 AM

‎10-13-2003 12:20 AM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Hi Berlene.
I opened a call with my response centre, but they weren't able to solve this problem.

I reinstalled the system (HP-UX 11.00)and Open SSH 3.61.002 but the problem persists. It's a intermitent problem -- I cannot guess when it ocurrs.

I think I'm going to remove this Open SSH release.
0 Kudos
Reply
Jdamian
Respected Contributor

‎10-13-2003 02:18 AM

‎10-13-2003 02:18 AM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Hi Armi (I ask you because you're the only one I've found who experienced problems with this new OpenSSH release)

I've found other issue related to this new OpenSSH release... I noticed a lot of connections remain open (command 'last' shows them as 'still logged in'). This behaviour is not shown in previous releases of OpenSSH (in my case: release 3.10.002).

Would you mind you run 'last' command to check if this bizarre behaviour is also found in your system ?
0 Kudos
Reply
Armin Kunaschik
Esteemed Contributor

‎10-13-2003 02:43 AM

‎10-13-2003 02:43 AM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Hi Damian,

I'm sorry, I can't find any hanging sshd's.
Are they really hanging or is "just" your wtmp broken (or not writte correctly)?
Maybe your HP-UX patch level is a bit outdated?

I just saw in rare cases (and in earlier versions) the error
you're describing and fixed it by replacing the ssh_prng_cmds.
I'm a bit tired to do the same thing to any new
ssh version... that's because I'm complaining every time ;-)

Regards,
Armin
And now for something completely different...
0 Kudos
Reply
TEC-HP
Frequent Advisor

‎10-16-2003 08:04 PM

‎10-16-2003 08:04 PM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Damian,

Can you plse give Armin 10 points as his solution works (adapting the ssh_prng_cmds).

I've received "thnx for the quick solution"-messages from our custommers
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎01-31-2004 08:18 PM

‎01-31-2004 08:18 PM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

I'm now having this trouble on an older box that does not have support.

Any solutions?

Does HP want to know anyway?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Armin Kunaschik
Esteemed Contributor

‎02-01-2004 08:00 PM

‎02-01-2004 08:00 PM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Nope. Looks like HP want's to sit that problem out.
Getting a proper ssh_prng_cmds seemed to fix that issue every time.

I modified the file in my installation depot so
I don't have to do the extra copy:

- gunzip the file (it is gzipped, but has no .gz)
- edit
- gzip again and modifiy the file name back.
Looks like there is no checksum used to verify integrity...

The other option is to compile your ssh from scratch...
And now for something completely different...
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎03-09-2004 12:12 AM

‎03-09-2004 12:12 AM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Armin, have you tried the latest version to see if you still have issues with the prng commands?

Tks
Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Jdamian
Respected Contributor

‎03-09-2004 12:31 AM

‎03-09-2004 12:31 AM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

The next paragraph is an extracted from /opt/ssh/README.hp file contained in T1471AA release A.03.71.000:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
1.1 What's New in HP-UX Secure Shell A.03.71


The following is a list of new features and enhancements in HP-UX Secure Shell
A.03.71.


* Enhanced ssh_prng_cmds file for random number generation

This version of HP-UX Secure Shell has an enhanced version of ssh_prng_cmds
file for random number generation on systems that do not have /dev/[u]random.
Network commands from this file are removed and this file has only simple
system commands. This is to avoid command failures that in turn results in
ssh-rand-helper failure with "ssh-rand-helper child produced insufficient data"
error. Currently,HP-UX 11i version 1.0 has a /dev/random patch and HP-UX 11i
version 2.0 contains /dev/random.

0 Kudos
Reply
John Payne_2
Honored Contributor

‎03-09-2004 03:04 AM

‎03-09-2004 03:04 AM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Try running the 32-bit version of ssh-rand-helper. It's in /opt/ssh/PA-RISC1.1/libexec. (It's ssh-rand-helper that can't get any info back from the commands that are spawned...)

If that works, try changing the link in /opt/ssh/libexec/ssh-rand-helper to point to the 32-bit one...

Hope it helps

John
Spoon!!!!
0 Kudos
Reply
Armin Kunaschik
Esteemed Contributor

‎05-09-2004 08:43 PM

‎05-09-2004 08:43 PM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Berlene,

sorry for the long delay, I was quite busy :-(
The ssh_prng_cmds looks far better now.
I did not see the error anymore after installing
3.71.000.

Thanks for fixing this... finally :-)
Armin
And now for something completely different...
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎05-10-2004 12:19 AM

‎05-10-2004 12:19 AM

Re: Errorn reported by Open SSH 3.61.002 installed: PRNG extraction failed

Thank you for keeping on us until we did ..-) Also for providing work around information to the community!

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.