
Re: ssh PRNGD socket

 
Peter Lachnitt
Advisor

ssh PRNGD socket

Hello,

After updating ssh from A.04.40.006 to
A.04.50.003 on HP-UX 11.11, I get this message when I open an ssh connection:

Couldn't connect to PRNGD socket "/var/run/egd-pool" Connection refused":

But ssh still works fine. I don't know where the message comes from or where I can switch it off.

How can I correct this?

Thanks

Peter

Peter Lachnitt
Ralph Grothe
Honored Contributor

Re: ssh PRNGD socket

Does your server have a /dev/random device?
Probably not, but you can check

e.g.

$ ll /dev/{u,}random

or

# ps -fp "$(fuser -u /dev/{u,}random 2>/dev/null)"

On session start a session key must be generated for encryption of the session.
For this arithmetically challenging process a certain degree of entropy is required, which processes like the sshd retrieve either from a pseudo random number generating device like /dev/random (fed from kernel space, I assume),
or from a unix domain socket filled by a separate (user space) entropy gathering daemon (egd).
There exists an HP-UX kernel patch, I believe, that can supply your system with a /dev/random, but it will require a reboot.
The drawback of the separate egd could be that the initialization time for ssh sessions might take a little longer.
Madness, thy name is system administration
Ralph Grothe
Honored Contributor
Solution

Re: ssh PRNGD socket

It took a while to find one of our HP hosts that isn't using a /dev/random but resorts to prngd, which must be supplied by some OpenSSL contrib package.
I assume that the HP port of OpenSSH is using this as a fall back if it cannot find a /dev/random.
Do you have a prngd process running at all?

e.g.

$ UNIX95= ps -xC prngd -o user,args
USER COMMAND
root /opt/openssl/prngd/prngd -n -c /opt/openssl/prngd/prngd.conf /var/run/egd-pool
Madness, thy name is system administration
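
Added example (not part of the original posts and not HP's or OpenSSH's code): a probe that tells a missing socket path from one with no daemon listening (the "Connection refused" case in this thread) and, when a daemon answers, queries it. It assumes the EGD wire protocol that PRNGD implements (command 0x00 returns the pool's entropy bits as a 4-byte big-endian integer, 0x02 is a blocking read of 1..255 bytes); the function name and return format are hypothetical.

```python
import socket
import struct

def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD peer closed early")
        buf += chunk
    return buf

def probe_egd(path, nbytes=16, timeout=2.0):
    """Classify an EGD/PRNGD socket path (hypothetical helper).

    Returns (state, info) where state is one of:
      'missing' - no file at that path
      'refused' - path exists but nothing is listening (stale socket file)
      'live'    - a daemon answered; info holds entropy_bits and a sample
      'error'   - any other failure; info is the error text
    """
    if not 1 <= nbytes <= 255:
        raise ValueError("EGD read length is a single byte: 1..255")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)  # do not hang if the daemon is starved
        try:
            s.connect(path)
            s.sendall(b"\x00")                  # 0x00: query entropy in pool
            bits = struct.unpack(">I", _recv_exact(s, 4))[0]
            s.sendall(bytes([0x02, nbytes]))    # 0x02: blocking read of nbytes
            sample = _recv_exact(s, nbytes)
        except FileNotFoundError:
            return ("missing", None)
        except ConnectionRefusedError:
            return ("refused", None)
        except OSError as exc:                  # timeout, EACCES, early close
            return ("error", str(exc))
    return ("live", {"entropy_bits": bits, "sample": sample})

if __name__ == "__main__":
    # Socket path taken from the error message quoted in this thread.
    state, info = probe_egd("/var/run/egd-pool")
    print(state, info["entropy_bits"] if state == "live" else info)
```

A 'refused' result together with an empty `ps` listing for prngd means the socket file was left behind by a daemon that is no longer running.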
Peter Lachnitt
Advisor

Re: ssh PRNGD socket

Thanks to all.

I installed KRNG11I (Strong Random Number Generator) from HP and now ssh works fine without any messages.

Regards Peter
Peter Lachnitt