HPE Community
Operating System - HP-UX
1822382 Members
2974 Online
109642 Solutions
New Discussion юеВ

SSH PRNG not seeded

 
Adam Noble
Super Advisor

тАО05-24-2004 09:13 PM

тАО05-24-2004 09:13 PM

SSH PRNG not seeded

All hope somebody can help!!

We use SSH on our servers and have been running a script which triggers numerous ssh connections to be established over a small period. This script works fine in the day however at 4 am in the morning we get the above error "PRNG not seeded"

I am aware this means that it cannot establish the pseudo random number generator and this is required for the encryption for SSH. From the reading I have done I believe the problem is the fact that there is not enough activity on the system at the time the script is ran (not enough entropy, therefore randomeness).

I'm happy this is the cause but I feel the only solution would be to install a random number generator on the server. I'm aware this is available on 11i but is it available on 11.00.

Thanks





0 Kudos
Reply
4 REPLIES 4
Michael Denney
Valued Contributor

тАО05-25-2004 05:03 AM

тАО05-25-2004 05:03 AM

Re: SSH PRNG not seeded

HP only supports Strong Random Number Generation for hpux11.11 I believe. However, there is a few third party (unsupported by HP) tools available. Here is one such tool for hpux11.00:

http://www.josvisser.nl/hpux11-random/

Another method is to run a dedicated daemon, one is called EGD(Entropy Gathering Daemon):

http://www.lothar.com/tech/crypto/


Of the two listed above, I would go with the first. The kernel method which builds a /dev/random device.

An interesting note, I read yesterday that a dedicated Random Number Generator (instead of the psuedo one that hpux uses by default) will increase the speed of some secure applications dramaticaly. Such as, if you have many users using Secure Shell, a dedicated Random Generator will increase performance of the SSH connections.

Regards,
Michael
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-25-2004 05:04 AM

тАО05-25-2004 05:04 AM

Re: SSH PRNG not seeded

I started betting this problem about 4 weeks before the NIC card went kaput.

mstm and make sure the NIC is solid.

Problems on the target NIC do not usually cause this symptom.

If booting helps, take a hard look at NIC and cabling.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО05-25-2004 05:06 AM

тАО05-25-2004 05:06 AM

Re: SSH PRNG not seeded

You can install prngd for 11.0. Grab it from the HPUX porting and archive centre. I've used it on an 11.0 box where krng11i wasn't an option.

http://hpux.cs.utah.edu/hppd/hpux/Maths/Misc/prngd-0.9.26/

hope this helps,
-denver
0 Kudos
Reply
Adam Noble
Super Advisor

тАО05-25-2004 08:16 PM

тАО05-25-2004 08:16 PM

Re: SSH PRNG not seeded

Thanks all!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.