Operating System - HP-UX

Re: Seeing PRNG from /opt/ssh/libexec/ssh-rand-helper

 
Mary_27
New Member

Seeing PRNG from /opt/ssh/libexec/ssh-rand-helper

I installed ssh onto one of our HP 11.00 servers and it's taking forever for the daemon to start up and the client to connect. When I ran the following "ssh -v -v -v hostname", I saw that it was getting stuck at the following message "Seeing PRNG from /opt/ssh/libexec/ssh-rand-helper". When I ran "sshd -d -d -d", it waited at the same message. It takes the daemon 37 seconds to start and the client about 20 seconds to connect.

I installed prng v 0.9.26, zlib v 1.1.4, openssl v 0.9.6 and hp's T1471AA ssh package. I created the prng seed and manually ran it with "prngd -c /usr/local/bin/prngd.conf /var/run/egd-pool".

The installation package and instructions were used on more than 10 stations and this was the only one I had problems with. I checked the DNS and it seems fine. Is there something else I should try to get it working?

Thanks.
4 REPLIES 4
Tim Maletic
Valued Contributor
Solution

Re: Seeing PRNG from /opt/ssh/libexec/ssh-rand-helper

Both openssh's internal pseudo-random number generator and PRNGD use a configurable list of system commands to run to generate entropy. Run each of the commands listed in that configuration file to see if any of them are hanging. For PRNGD, the file is usually /etc/prngd.conf. For HP's openssh, it should be /opt/ssh/etc/ssh_prng_cmds. (I've run into this problem when df is slow to return on IO-bound systems.)

-Tim
Berlene Herren
Honored Contributor

Re: Seeing PRNG from /opt/ssh/libexec/ssh-rand-helper

These commands are used to generate the seed for the pseudo-random number generator (PRNG). The quality of the encryption is dependent on the quality of the random numbers generated by the PRNG. The commands run to seed the PRNG each have a "rating" of how random the bits they produce are (it's the last item on each line of that file). If you just start removing lines, it may not be able to generate enough bits to seed the PRNG and ssh will then refuse to run.

The commands that are being run are listed in /opt/ssh/etc/ssh_prng_cmds. If you wish to remove things from the list of commands, that is where to do so.

Windows doesn't run these commands because some of these commands don't exist in Windows. In the current release of HP-UX Secure Shell (A.3.50), it uses /dev/random (might have a different name) where the OS provides random numbers directly. SSH can use it and be made much faster.

Berlene

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA
http://www.mindspring.com/~bkherren/dobes/index.htm
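The check described in the two replies above (run every command in ssh_prng_cmds, find the one that hangs, and see how much rating is left without it), as an added example that is not part of the original thread or of HP's package. It assumes each line has the form `"command args" /path/to/command rating`; the function names and the 2-second limit are choices made for this illustration.

```python
import shlex
import subprocess
import sys
import time

def parse_prng_cmds(text):
    """Parse lines of the form: "cmd args" /path/to/cmd rating (assumed layout)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            quoted_cmd, path, rating = shlex.split(line)
            rating = float(rating)
        except ValueError:
            continue  # wrong field count or non-numeric rating: skip the line
        # argv[0] inside the quotes is only a display name; the path is what runs
        entries.append({"argv": [path] + shlex.split(quoted_cmd)[1:], "rating": rating})
    return entries

def time_commands(entries, limit=2.0):
    """Run each entropy command once and record whether it returned within limit."""
    results = []
    for entry in entries:
        start = time.monotonic()
        try:
            subprocess.run(entry["argv"], stdin=subprocess.DEVNULL,
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                           timeout=limit)
            status = "ok"
        except subprocess.TimeoutExpired:
            status = "slow"   # candidate for the startup delay
        except OSError:
            status = "error"  # binary missing or not executable
        results.append(dict(entry, status=status, seconds=time.monotonic() - start))
    return results

def usable_rating(results):
    """Sum the ratings of commands that returned in time (what is left to seed with)."""
    return sum(r["rating"] for r in results if r["status"] == "ok")

if __name__ == "__main__":
    # Default path is the one named in the thread for HP's openssh
    path = sys.argv[1] if len(sys.argv) > 1 else "/opt/ssh/etc/ssh_prng_cmds"
    with open(path) as fh:
        report = time_commands(parse_prng_cmds(fh.read()))
    for r in report:
        print("%-5s %6.2fs  rating=%.2f  %s" % (r["status"], r["seconds"], r["rating"], " ".join(r["argv"])))
    print("rating still available from fast commands: %.2f" % usable_rating(report))
```

A command blocked in uninterruptible I/O may not exit when killed, so the script can itself stall on that entry; the last line printed before the stall identifies it.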
doug hosking
Esteemed Contributor

Re: Seeing PRNG from /opt/ssh/libexec/ssh-rand-helper

For HP-UX 11i (not 11.00) see
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=KRNG11I

Unfortunately this does not exist for earlier HP-UX releases.

http://www.newfdawg.com/SSHpart5.htm

has some additional information that might be useful.

Mary_27
New Member

Re: Seeing PRNG from /opt/ssh/libexec/ssh-rand-helper

Thanks big time. I was going crazy trying to figure out how to speed it up.

I ran every command on the ssh_prng_cmds file manually, and I almost fell out of my chair when I saw the service start in less than 2 seconds. Thank you very much.