- (djm) Mention PRNGd in documentation, it is nicer than EGD

- (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
This commit is contained in:
Damien Miller 2001-01-25 10:51:46 +11:00
parent 2a5c1cede0
commit 0736c4df83
5 changed files with 47 additions and 18 deletions

View File

@ -9,6 +9,8 @@
[bindresvport.c] [bindresvport.c]
in bindresvport(), if sin is non-NULL, example sin->sin_family for in bindresvport(), if sin is non-NULL, example sin->sin_family for
the actual family being processed the actual family being processed
- (djm) Mention PRNGd in documentation, it is nicer than EGD
- (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
20010124 20010124
- (bal) OpenBSD Resync - (bal) OpenBSD Resync

18
INSTALL
View File

@ -29,10 +29,18 @@ passphrase requester. This is maintained separately at:
http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
PRNGD:
If your system lacks Kernel based random collection, the use of Lutz
Jaenicke's PRNGd is recommended.
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
EGD:
The Entropy Gathering Daemon (EGD) is supported if you have a system which The Entropy Gathering Daemon (EGD) is supported if you have a system which
lacks /dev/random and don't want to use OpenSSH's internal entropy collection. lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
EGD:
http://www.lothar.com/tech/crypto/ http://www.lothar.com/tech/crypto/
GNU Make: GNU Make:
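Review bot: the new PRNGD paragraph ("If your system lacks Kernel based random collection...") tells the reader to install PRNGd but not how OpenSSH finds it. Since this same commit makes configure probe /var/run/egd-pool and /etc/entropy, say so here, e.g. "configure will pick up a PRNGD/EGD socket at /var/run/egd-pool or /etc/entropy; otherwise pass --with-egd-pool=FILE", so people do not assume the daemon is used just because it is running. Two wording points in the same lines: "Kernel based" should be "kernel-based", and the daemon is spelled PRNGD in the heading, PRNGd in the sentence and PRNGD in configure.in; pick one spelling for the whole tree.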
@ -110,10 +118,10 @@ headers, for this to work.
random numbers (the default is /dev/urandom). Unless you are absolutely random numbers (the default is /dev/urandom). Unless you are absolutely
sure of what you are doing, it is best to leave this alone. sure of what you are doing, it is best to leave this alone.
--with-egd-pool=/some/file allows you to enable Entropy Gathering --with-egd-pool=/some/file allows you to enable EGD or PRNGD support
Daemon support and to specify a EGD pool socket. Use this if your and to specify a EGD pool socket. Use this if your Unix lacks
Unix lacks /dev/random and you don't want to use OpenSSH's builtin /dev/random and you don't want to use OpenSSH's builtin entropy
entropy collection support. collection support.
--with-lastlog=FILE will specify the location of the lastlog file. --with-lastlog=FILE will specify the location of the lastlog file.
./configure searches a few locations for lastlog, but may not find ./configure searches a few locations for lastlog, but may not find
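Review bot: "a EGD pool socket" should be "an EGD pool socket" in the first rewritten line. The paragraph also still reads as if --with-egd-pool is required to enable EGD/PRNGD at all, while the new configure.in help string advertises default=/var/run/egd-pool and the script searches /var/run/egd-pool and /etc/entropy on its own when no random device was found. State that here, and mention that --with-egd-pool=no switches the automatic search off (the action-if-given branch runs with withval=no and the search lives in the action-if-not-given branch).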

21
README
View File

@ -14,8 +14,8 @@ Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a
homepage at http://www.openssh.com/ homepage at http://www.openssh.com/
This port consists of the re-introduction of autoconf support, PAM This port consists of the re-introduction of autoconf support, PAM
support (for Linux and Solaris), EGD[1] support and replacements for support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
OpenBSD library functions that are (regrettably) absent from other for OpenBSD library functions that are (regrettably) absent from other
unices. This port has been best tested on Linux, Solaris, HPUX, NetBSD unices. This port has been best tested on Linux, Solaris, HPUX, NetBSD
and Irix. Support for AIX, SCO, NeXT and other Unices is underway. and Irix. Support for AIX, SCO, NeXT and other Unices is underway.
This version actively tracks changes in the OpenBSD CVS repository. This version actively tracks changes in the OpenBSD CVS repository.
@ -24,7 +24,7 @@ The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication. all logins, not just when using password authentication.
OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4]. OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].
There is now several mailing lists for this port of OpenSSH. Please There is now several mailing lists for this port of OpenSSH. Please
refer to http://www.openssh.com/list.html for details on how to join. refer to http://www.openssh.com/list.html for details on how to join.
@ -37,11 +37,11 @@ If you are a citizen of the USA or another country which restricts
export of cryptographic products, then please refrain from sending export of cryptographic products, then please refrain from sending
crypto-related code or patches to the list. We cannot accept them. crypto-related code or patches to the list. We cannot accept them.
Other code contribution are accepted, but please follow the OpenBSD Other code contribution are accepted, but please follow the OpenBSD
style guidelines[5]. style guidelines[6].
Please refer to the INSTALL document for information on how to install Please refer to the INSTALL document for information on how to install
OpenSSH on your system. There are a number of differences between this OpenSSH on your system. There are a number of differences between this
port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[6] port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
for details and general tips. for details and general tips.
Damien Miller <djm@mindrot.org> Damien Miller <djm@mindrot.org>
@ -56,8 +56,9 @@ References -
[0] http://www.openssh.com/faq.html [0] http://www.openssh.com/faq.html
[1] http://www.lothar.com/tech/crypto/ [1] http://www.lothar.com/tech/crypto/
[2] ftp://ftp.freesoftware.com/pub/infozip/zlib/ [2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
[3] http://www.openssl.org/ [3] ftp://ftp.freesoftware.com/pub/infozip/zlib/
[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris) [4] http://www.openssl.org/
[5] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9&apropos=0&manpath=OpenBSD+Current [5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
[6] http://www.openssh.com/faq.html [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
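Review bot: entry [6] silently drops "&apropos=0&manpath=OpenBSD+Current" from the style(9) URL; that is unrelated to the PRNGD change and is not in the ChangeLog, so either revert it or record it, and check that the shortened URL still resolves to the same page. Separately, [0] and [7] now both point to http://www.openssh.com/faq.html (previously [0] and [6]); the renumbering is the right moment to collapse that duplicate. The in-text bumps in the three earlier README hunks ([1]->[1]/[2], [2]->[3], [3]->[4], [4]->[5], [5]->[6], [6]->[7]) do match this list.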

View File

@ -16,6 +16,8 @@ key and impersonate you or your hosts.
If you are using the builtin random number support (configure will If you are using the builtin random number support (configure will
tell you if this is the case), then read this document in its entirety. tell you if this is the case), then read this document in its entirety.
Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which
collects random numbers and makes them available by a socket.
Please also request that your OS vendor provides a kernel-based random Please also request that your OS vendor provides a kernel-based random
number collector (/dev/random) in future versions of your operating number collector (/dev/random) in future versions of your operating
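Review bot: "Alternately" should be "Alternatively" in the first added line, and "makes them available by a socket" reads better as "makes them available over a Unix-domain socket". The two added lines also need to say how to make OpenSSH use the daemon: give configure the socket path with --with-egd-pool=FILE, or rely on the automatic search for /var/run/egd-pool or /etc/entropy added in configure.in in this commit; otherwise the builtin collector stays in use and the rest of this document still applies to the reader.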

View File

@ -1043,7 +1043,7 @@ AC_CHECK_FILE("/dev/ptc",
# Check for user-specified random device, otherwise check /dev/urandom # Check for user-specified random device, otherwise check /dev/urandom
AC_ARG_WITH(random, AC_ARG_WITH(random,
[ --with-random=FILE read randomness from FILE (default=/dev/urandom)], [ --with-random=FILE read entropy from FILE (default=/dev/urandom)],
[ [
if test "x$withval" != "xno" ; then if test "x$withval" != "xno" ; then
RANDOM_POOL="$withval"; RANDOM_POOL="$withval";
@ -1064,15 +1064,31 @@ AC_ARG_WITH(random,
# Check for EGD pool file # Check for EGD pool file
AC_ARG_WITH(egd-pool, AC_ARG_WITH(egd-pool,
[ --with-egd-pool=FILE read randomness from EGD pool FILE (default none)], [ --with-egd-pool=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
[ [
if test "x$withval" != "xno" ; then if test "x$withval" != "xno" ; then
EGD_SOCKET="$withval"; EGD_SOCKET="$withval";
AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET") AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
fi fi
],
[
# Check for existing socket only if we don't have a random device already
if test -z "$RANDOM_POOL" ; then
AC_MSG_CHECKING(for PRNGD/EGD socket)
# Insert other locations here
for egdsock in /var/run/egd-pool /etc/entropy ; do
if test -S $egdsock ; then
EGD_SOCKET="$egdsock"
AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
AC_MSG_RESULT($egdsock)
break;
fi
done
fi
] ]
) )
# detect pathnames for entropy gathering commands, if we need them # detect pathnames for entropy gathering commands, if we need them
INSTALL_SSH_PRNG_CMDS="" INSTALL_SSH_PRNG_CMDS=""
rm -f prng_commands rm -f prng_commands
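Review bot: the search loop calls AC_MSG_CHECKING(for PRNGD/EGD socket) but only emits AC_MSG_RESULT when a socket is found, so on a host with neither /var/run/egd-pool nor /etc/entropy the "checking for PRNGD/EGD socket..." line is left unterminated and the next configure message is printed on the same line. Add a result for the miss case after the loop, e.g. `if test -z "$EGD_SOCKET" ; then AC_MSG_RESULT(no) ; fi`. Smaller points in the same hunk: the help string says "default=/var/run/egd-pool", but the actual behaviour is "search /var/run/egd-pool, then /etc/entropy, and only when no random device was found"; the string should say that. `break;` carries a stray semicolon. One caveat worth a comment in the script: `test -S` is evaluated on the build host at configure time and the path is compiled in via AC_DEFINE_UNQUOTED(EGD_SOCKET, ...), so a package built where PRNGD happens to be running will expect that socket on every install host, and a host that starts PRNGD only after the build will not be detected and must pass --with-egd-pool explicitly. The RAND_MSG line in the later hunk is the only place this choice becomes visible, so it is worth making the help text accurate.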
@ -1629,7 +1645,7 @@ if test ! -z "$RANDOM_POOL" ; then
RAND_MSG="Device ($RANDOM_POOL)" RAND_MSG="Device ($RANDOM_POOL)"
else else
if test ! -z "$EGD_SOCKET" ; then if test ! -z "$EGD_SOCKET" ; then
RAND_MSG="EGD ($EGD_SOCKET)" RAND_MSG="EGD/PRNGD ($EGD_SOCKET)"
else else
RAND_MSG="Builtin (timeout $entropy_timeout)" RAND_MSG="Builtin (timeout $entropy_timeout)"
BUILTIN_RNG=1 BUILTIN_RNG=1