Mailing List Archive

OpenSSH and Irix?
I'd like to install openssh across an Irix cluster where I work, but its
dependency on an "entropy pool" like /dev/urandom is making this
problematic -- especially because EGD has issues with Irix that make it
largely unusable.

Obviously, the original ssh relied on its own random number
generator. While this may not have provided the same degree of randomness
that is provided by the openssh implementation, it had the advantage of
being completely self contained.

Is there any reason why this can't be added to openssh as an
option? Something like --enable-cheap-random-numbers-with-lower-security,
or something like that. This would provide at least the same level of
security as ssh 1.2.27 (and would actually work, whereas at the moment
I've got sshd turned off because of the EGD problems).

Any thoughts? I don't have much crypto programming experience, so I've
implemented a cheap hack using random/initstate and friends which seems to
work, but I'd prefer to see a more "official" solution.

Incidentally, the configure script asks for reports on Irix 6.x
experience. Once the random number problem is out of the way, openssh
appears to work just fine.

Thanks,

-- Lars

--
Lars Kellogg-Stedman <lars@larsshack.org> --> http://www.larsshack.org/
Re: OpenSSH and Irix?
On Fri, 21 Apr 2000, Lars Kellogg-Stedman wrote:

> I'd like to install openssh across an Irix cluster where I work,
> but its dependency on an "entropy pool" like /dev/urandom is making
> this problematic -- especially because EGD has issues with Irix that
> make it largely unusable.
>
> Obviously, the original ssh relied on its own random number
> generator. While this may not have provided the same degree of
> randomness that is provided by the openssh implementation, it had
> the advantage of being completely self contained.

You might want to try the test release at:

http://violet.ibs.com.au/openssh/files/test

It has the beginnings of self-contained random collection. Please
report the output of "ssh -v somehost".

Suggestions for more commands (see the table in entropy.c) to collect
randomness would be greatly appreciated.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
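
An added illustration, not part of the original thread and not the code in OpenSSH's entropy.c: a minimal sketch of the command-based collection described in the reply above, where output from system commands is hashed into a pool and credited at a conservative rate. The command table, the per-byte entropy rates and the function names are assumptions made for this example.

```python
import hashlib
import subprocess
import time

# Hypothetical command table: (argv, assumed entropy in bits per output byte).
# The rates are conservative guesses for this example, not measured values.
COMMANDS = [
    (["ps", "-ef"], 0.02),
    (["netstat", "-an"], 0.02),
    (["ls", "-l", "/tmp"], 0.01),
]
POOL_BITS = 256  # a SHA-256 pool cannot hold more than this


def collect(commands=COMMANDS, timeout=5.0):
    """Hash command output and run time into a pool; return (seed, est_bits)."""
    pool = hashlib.sha256()
    est_bits = 0.0
    for argv, rate in commands:
        start = time.perf_counter_ns()
        try:
            out = subprocess.run(argv, stdin=subprocess.DEVNULL,
                                 stdout=subprocess.PIPE,
                                 stderr=subprocess.DEVNULL,
                                 timeout=timeout).stdout
        except (OSError, subprocess.TimeoutExpired):
            out = b""  # missing or hung command: credit nothing for it
        elapsed = time.perf_counter_ns() - start
        # Length-prefix each record so outputs cannot run into each other.
        pool.update(len(out).to_bytes(8, "big") + out)
        pool.update(elapsed.to_bytes(8, "big"))
        est_bits += len(out) * rate
    return pool.digest(), min(est_bits, float(POOL_BITS))


def seed_or_fail(min_bits=128, commands=COMMANDS):
    """Return a seed only if the estimate reaches min_bits; otherwise refuse."""
    seed, bits = collect(commands)
    if bits < min_bits:
        raise RuntimeError(f"only {bits:.1f} estimated bits, need {min_bits}")
    return seed


if __name__ == "__main__":
    seed, bits = collect()
    print(f"estimated entropy: {bits:.1f} bits, seed: {seed.hex()}")
```

Output from commands such as ps or netstat can be seen by other local users, which is why the rates are set low and why seed_or_fail refuses to return a seed when the estimate falls short.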
OpenSSH and IRIX?
Hey guys :-)
I'm trying to set up Openssh 1.2.3 on IRIX 6.5.6.
I wasn't successful so far :-(
I've compiled the latest openssl (the one that is on the same ftp site as
openssh), and it goes to /usr/local/ssl, but then openssh's ./configure
fails with the "Could not find working SSLeay / OpenSSL libraries, please
install". So I do ./configure --with-ssl-dir=/usr/local/ssl/lib/ - doesn't,
then the same with /usr/local/ssl/include, /usr/local/ssl ---- still the
same result.

Which compiler should I use?
I've tried to compile openssl with mips-cc, with gcc 2.81, still the same
error.
Am I doing smth really stupid and wrong, but can't get it 'cuz it's Friday?
;-)

Any tips or suggestions are greatly appreciated.
Thanx a lot for your reply :-)
Re: OpenSSH and IRIX?
On Fri, 28 Apr 2000, Yuri Litvin wrote:

> Hey guys :-)
> I'm trying to set up Openssh 1.2.3 on IRIX 6.5.6. I wasn't
> successful so far :-( I've compiled the latest openssl (the one that
> is on the same ftp site as openssh), and it goes to /usr/local/ssl,
> but then openssh's ./configure fails with the "Could not find
> working SSLeay / OpenSSL libraries, please install". So I do
> ./configure --with-ssl-dir=/usr/local/ssl/lib/ - doesn't, then the
> same with /usr/local/ssl/include, /usr/local/ssl ---- still the same
> result.

Is OpenSSL compiled with the same compiler as OpenSSH? I have had
problems on Irix with libraries compiled with different compilers.

Have a look at config.log (send it to me if you like). There should
be a few compilation failure messages at the end when it was trying
to search for openssl - they should tell you more.

Regards,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)