Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: OpenSSH install
Operating Systems HP-UX OpenSSH install Post 302156151 by Neo on Monday 7th of January 2008 11:41:55 AM
Old 01-07-2008
Did you read this?

OpenSSL: Support, Frequently Asked Questions

Quote:
1. Why do I get a "PRNG not seeded" error message?
Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness device" (/dev/urandom or /dev/random) that serves this purpose. All OpenSSL versions try to use /dev/urandom by default; starting with version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not available.

On other systems, applications have to call the RAND_add() or RAND_seed() function with appropriate data before generating keys or performing public key encryption. (These functions initialize the pseudo-random number generator, PRNG.) Some broken applications do not do this. As of version 0.9.5, the OpenSSL functions that need randomness report an error if the random number generator has not been seeded with at least 128 bits of randomness. If this error occurs and is not discussed in the documentation of the application you are using, please contact the author of that application; it is likely that it never worked correctly. OpenSSL 0.9.5 and later make the error visible by refusing to perform potentially insecure encryption.

If you are using Solaris 8, you can add /dev/urandom and /dev/random devices by installing patch 112438 (Sparc) or 112439 (x86), which are available via the Patchfinder at SunSolve Home Page (Solaris 9 includes these devices by default). For /dev/random support for earlier Solaris versions, see Sun's statement at SunSolve (the SUNWski package is available in patch 105710).

On systems without /dev/urandom and /dev/random, it is a good idea to use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for details. Starting with version 0.9.7, OpenSSL will automatically look for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and /etc/entropy.

Most components of the openssl command line utility automatically try to seed the random number generator from a file. The name of the default seeding file is determined as follows: If environment variable RANDFILE is set, then it names the seeding file. Otherwise if environment variable HOME is set, then the seeding file is $HOME/.rnd. If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will use file .rnd in the current directory while OpenSSL 0.9.6a uses no default seeding file at all. OpenSSL 0.9.6b and later will behave similarly to 0.9.6a, but will use a default of "C:\" for HOME on Windows systems if the environment variable has not been set.

If the default seeding file does not exist or is too short, the "PRNG not seeded" error message may occur.

The openssl command line utility will write back a new state to the default seeding file (and create this file if necessary) unless there was no sufficient seeding.

Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. Use the "-rand" option of the OpenSSL command line tools instead. The $RANDFILE environment variable and $HOME/.rnd are only used by the OpenSSL command line tools. Applications using the OpenSSL library provide their own configuration options to specify the entropy source, please check out the documentation coming the with application.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

OpenSSH

Help! SSH is returning the following error message: OpenSSL version mismatch. Built against 90581f, you have 90602f How can I correct this? (21 Replies)
Discussion started by: chenly
21 Replies

2. UNIX for Advanced & Expert Users

How to install OpenSSh in tru64 4.0F??

I had been searching and i guess ssh is not available for 4.0F, the option is to install OpenSSh, but i don't know hw to do it!! :confused: Would someone pls send me some instrctions about the insalation and where can i download the OpenSSH??? Tks a lot!!! :) (1 Reply)
Discussion started by: irasela
1 Replies

3. Solaris

Install & configure Openssh In Solaris 8

I hope someone out there can help. I'm trying to install & configure Openssh to my Solaris, I downloaded & Installed the following pkgs : openssh-4.4p1-sol8-sparc-local.gz openssl-0.9.8d-sol8-sparc-local.gz tcp_wrappers-7.6-sol8-sparc-local.gz zlib-1.2.1-sol8-sparc-local.gz... (6 Replies)
Discussion started by: Remi
6 Replies

4. AIX

how to install openSSH in AIX 5.3?

Guys I need to install openSSH on AIX 5.3? First problem is : i am unable to find openSSH 3.8.1 freeware on the net ?pls pass on any links if you have. Second problem is : installation.Although i know how to install rpm packages,installing SSH is bit diffrent.But that second issue. Can... (16 Replies)
Discussion started by: ak835
16 Replies

5. Linux

install macbook pro fedora10 ???((<<if can install, how to install? >> ))

If may install can Tells everybody ??? (0 Replies)
Discussion started by: kzBSD
0 Replies

6. UNIX Desktop Questions & Answers

OpenSSH

Hello, I downloaded Cygwin to practice on my coursework from home. I was told to download the OpenSSH from Cygwin website so that I can access my files from home. However, the file saves itself with a cgi extension and I have no idea as to what I am supposed to do next. I found info on some... (1 Reply)
Discussion started by: feliks0
1 Replies

7. Red Hat

how to install Openssh in linux machine

Hi genious i'm New to Linux .. help me Very Urgent how to install Openssh in linux machine step by step .... plz (3 Replies)
Discussion started by: coolboys
3 Replies

8. AIX

Troubleshooting OpenSSH 6.2 Install on AIX 7.1

*SOLVED. please see edit at bottom* Hello, I have a freshly installed AIX 7.1 that I would like to enable SSH on. I believe I need OpenSSH and OpenSSL to do this. OpenSSL was already installed, so I moved onto installing OpenSSH. I downloaded OpenSSH 6.2 from this site that claims support... (0 Replies)
Discussion started by: bstring
0 Replies

9. Red Hat

Openssh 6.8

Hi im using redhat enterprise linux 7 im trying to update to the latest openssh version 6.8 i ran the command yum update openssh and this upgraded only to version 6.6 how can i update to the latest version 6.8? thanks! (5 Replies)
Discussion started by: guy3145
5 Replies

10. AIX

Openssh install failed on AIX 6.1

im new to aix... my task is suppose to be simple. install openssh i followed this article: Installing OpenSSH and OpenSSL on AIX 6.1 | Keymon's snippets and brushstrokes when i try to start the sshd service with the command: "startsrc -s sshd" im getting an error saying: "the sshd subsystem... (6 Replies)
Discussion started by: guy3145
6 Replies

LEARN ABOUT OPENSOLARIS

rand_screen

RAND_add(3openssl)						      OpenSSL							RAND_add(3openssl)

NAME

       RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add entropy to the PRNG

SYNOPSIS

	#include <openssl/rand.h>

	void RAND_seed(const void *buf, int num);

	void RAND_add(const void *buf, int num, double entropy);

	int  RAND_status(void);

	int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
	void RAND_screen(void);

DESCRIPTION

       RAND_add() mixes the num bytes at buf into the PRNG state. Thus, if the data at buf are unpredictable to an adversary, this increases the
       uncertainty about the state and makes the PRNG output less predictable. Suitable input comes from user interaction (random key presses,
       mouse movements) and certain hardware events. The entropy argument is (the lower bound of) an estimate of how much randomness is contained
       in buf, measured in bytes. Details about sources of randomness and how to estimate their entropy can be found in the literature, e.g. RFC
       1750.

       RAND_add() may be called with sensitive data such as user entered passwords. The seed values cannot be recovered from the PRNG output.

       OpenSSL makes sure that the PRNG state is unique for each thread. On systems that provide /dev/urandom, the randomness device is used to
       seed the PRNG transparently. However, on all other systems, the application is responsible for seeding the PRNG by calling RAND_add(),
       RAND_egd(3) or RAND_load_file(3).

       RAND_seed() is equivalent to RAND_add() when num == entropy.

       RAND_event() collects the entropy from Windows events such as mouse movements and other user interaction. It should be called with the
       iMsg, wParam and lParam arguments of all messages sent to the window procedure. It will estimate the entropy contained in the event message
       (if any), and add it to the PRNG. The program can then process the messages as usual.

       The RAND_screen() function is available for the convenience of Windows programmers. It adds the current contents of the screen to the PRNG.
       For applications that can catch Windows events, seeding the PRNG by calling RAND_event() is a significantly better source of randomness. It
       should be noted that both methods cannot be used on servers that run without user interaction.

RETURN VALUES

       RAND_status() and RAND_event() return 1 if the PRNG has been seeded with enough data, 0 otherwise.

       The other functions do not return values.

SEE ALSO

       rand(3), RAND_egd(3), RAND_load_file(3), RAND_cleanup(3)

HISTORY

       RAND_seed() and RAND_screen() are available in all versions of SSLeay and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
       0.9.5, RAND_event() in OpenSSL 0.9.5a.

OpenSSL-0.9.8							    Oct 11 2005 						RAND_add(3openssl)
All times are GMT -4. The time now is 09:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy