Hi there,
you wrote that installing Openssh 3.5 would fix the problem... this is right but only because the supplied ssh_prng_cmds is broken! It does not generate ANY entropy at all!
If you take a look at the file you see many entries like @PROG_LS@ which normaly should contain "/bin/ls" etc. The result is, that the commands are not found and no entropy is generated. Verify this by issueing the command /opt/ssh/libexec/ssh-rand-helper -vvv :
20166: debug1: loading PRNG seed from file //.ssh/prng_seed
20166: debug1: Seeded RNG with 3 bytes from system calls
20166: debug1: Loaded 52 entropy commands from /opt/ssh/etc/ssh_prng_cmds
20166: debug3: Reading output from 'ls -alni /var/log'
20166: debug3: Time elapsed: 1 msec
20166: debug2: Command 'ls -alni /var/log' exit status was 255
20166: debug3: Got 0.00 bytes of entropy from 'ls -alni /var/log'
20166: debug3: Reading output from 'ls -alni /var/adm'
20166: debug3: Time elapsed: 1 msec
*snip*
Every entry returns 255 (file not found)... this is far from being OK.
In addition the ssh_prng_cmds is not modified to follow HP-UX syntax of some commands, e.g. ls -alTi is not valid, ifconfig -a does not give any usable output, netstat -pn needs more options to display any "random data" etc...
HP, please fix this in all versions of openssh!
While doing this, please remove the df commands because it prevents you from logging in if the server has stale NFS mounts.
In general, to answer the first question, ssh-rand-helper -vvv is your friend if you have performance problems (and no /dev/random).
Regards,
Armin
And now for something completely different...
