[bindresvport.c]
in bindresvport(), if sin is non-NULL, example sin->sin_family for
the actual family being processed
+ - (djm) Mention PRNGd in documentation, it is nicer than EGD
+ - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
20010124
- (bal) OpenBSD Resync
http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
+PRNGD:
+
+If your system lacks Kernel based random collection, the use of Lutz
+Jaenicke's PRNGd is recommended.
+
+http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+
+EGD:
+
The Entropy Gathering Daemon (EGD) is supported if you have a system which
lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
-EGD:
http://www.lothar.com/tech/crypto/
GNU Make:
random numbers (the default is /dev/urandom). Unless you are absolutely
sure of what you are doing, it is best to leave this alone.
---with-egd-pool=/some/file allows you to enable Entropy Gathering
-Daemon support and to specify a EGD pool socket. Use this if your
-Unix lacks /dev/random and you don't want to use OpenSSH's builtin
-entropy collection support.
+--with-egd-pool=/some/file allows you to enable EGD or PRNGD support
+and to specify a EGD pool socket. Use this if your Unix lacks
+/dev/random and you don't want to use OpenSSH's builtin entropy
+collection support.
--with-lastlog=FILE will specify the location of the lastlog file.
./configure searches a few locations for lastlog, but may not find
homepage at http://www.openssh.com/
This port consists of the re-introduction of autoconf support, PAM
-support (for Linux and Solaris), EGD[1] support and replacements for
-OpenBSD library functions that are (regrettably) absent from other
+support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
+for OpenBSD library functions that are (regrettably) absent from other
unices. This port has been best tested on Linux, Solaris, HPUX, NetBSD
and Irix. Support for AIX, SCO, NeXT and other Unices is underway.
This version actively tracks changes in the OpenBSD CVS repository.
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.
-OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4].
+OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].
There is now several mailing lists for this port of OpenSSH. Please
refer to http://www.openssh.com/list.html for details on how to join.
export of cryptographic products, then please refrain from sending
crypto-related code or patches to the list. We cannot accept them.
Other code contribution are accepted, but please follow the OpenBSD
-style guidelines[5].
+style guidelines[6].
Please refer to the INSTALL document for information on how to install
OpenSSH on your system. There are a number of differences between this
-port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[6]
+port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
for details and general tips.
Damien Miller <djm@mindrot.org>
[0] http://www.openssh.com/faq.html
[1] http://www.lothar.com/tech/crypto/
-[2] ftp://ftp.freesoftware.com/pub/infozip/zlib/
-[3] http://www.openssl.org/
-[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
-[5] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9&apropos=0&manpath=OpenBSD+Current
-[6] http://www.openssh.com/faq.html
+[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+[3] ftp://ftp.freesoftware.com/pub/infozip/zlib/
+[4] http://www.openssl.org/
+[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
+[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
+[7] http://www.openssh.com/faq.html
If you are using the builtin random number support (configure will
tell you if this is the case), then read this document in its entirety.
+Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which
+collects random numbers and makes them available by a socket.
Please also request that your OS vendor provides a kernel-based random
number collector (/dev/random) in future versions of your operating
# Check for user-specified random device, otherwise check /dev/urandom
AC_ARG_WITH(random,
- [ --with-random=FILE read randomness from FILE (default=/dev/urandom)],
+ [ --with-random=FILE read entropy from FILE (default=/dev/urandom)],
[
if test "x$withval" != "xno" ; then
RANDOM_POOL="$withval";
# Check for EGD pool file
AC_ARG_WITH(egd-pool,
- [ --with-egd-pool=FILE read randomness from EGD pool FILE (default none)],
+ [ --with-egd-pool=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
[
if test "x$withval" != "xno" ; then
EGD_SOCKET="$withval";
AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
fi
+ ],
+ [
+ # Check for existing socket only if we don't have a random device already
+ if test -z "$RANDOM_POOL" ; then
+ AC_MSG_CHECKING(for PRNGD/EGD socket)
+ # Insert other locations here
+ for egdsock in /var/run/egd-pool /etc/entropy ; do
+ if test -S $egdsock ; then
+ EGD_SOCKET="$egdsock"
+ AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
+ AC_MSG_RESULT($egdsock)
+ break;
+ fi
+ done
+ fi
]
)
+
# detect pathnames for entropy gathering commands, if we need them
INSTALL_SSH_PRNG_CMDS=""
rm -f prng_commands
RAND_MSG="Device ($RANDOM_POOL)"
else
if test ! -z "$EGD_SOCKET" ; then
- RAND_MSG="EGD ($EGD_SOCKET)"
+ RAND_MSG="EGD/PRNGD ($EGD_SOCKET)"
else
RAND_MSG="Builtin (timeout $entropy_timeout)"
BUILTIN_RNG=1