
Re: sshd fun



Niels Möller wrote: 

> The only potential problem I'm aware of is the randomness
> initialization; recent versions of lsh try to cope without
> /dev/urandom by executing some random commands (vmstat, netstat, ps,
> etc. with various flags), and seed a PRNG (currently based on arcfour)
> from the output. See
> http://www.lysator.liu.se/~nisse/lsh/src/unix_random.c for the
> complete list; most of it is taken from Peter Gutmann's cryptlib.

Actually, I think I recognize some of the comments in that file from the
Entropy Gathering Daemon, egd.pl, and I certainly recognize some of the
examples (like getting a non-existent URL from lavarand :)

I already have an EGD-compatible daemon, prngd, running on my system,
constantly feeding on vmstat, ps and the like to gather randomness, which
it makes available from a socket for programs that support it.  Like
/dev/urandom, prngd will continue to supply pseudo-random data when it
runs out of entropy.

Wouldn't it be a good idea to make new versions of lsh able to speak to
EGD and compatible daemons (unless of course they already do)?  OpenSSH
already has that option (--with-egd-pool= in configure).  Having some
pre-buffered entropy seems to work much better than trying to generate
it on the fly.

I tried to make OpenSSH use /etc/ssh/ssh_prng_cmds, which seems to be a
similar approach to the one you describe for lsh, but it simply was not
able to produce enough random data, either for key generation or for
simple client connections.  Prngd worked wonderfully.

If you want to test prngd, you can find it here:
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html

Oystein
-- 
ssh -c rot13 otherhost
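As an added example (not code from this thread, from lsh, or from prngd), here is the EGD request/reply exchange the message asks lsh to support: a client that asks an EGD socket for random bytes, beside a constructed in-process stand-in for the daemon so the exchange runs offline. The opcode values are those of the egd.pl/prngd protocol; the pool size, the socketpair plumbing and the use of os.urandom as the stand-in's source are assumptions for the demo.

```python
import os
import socket
import threading

# One-byte EGD opcodes as served by egd.pl and prngd (example code, not lsh's or prngd's)
EGD_READ_NONBLOCK = 0x01  # arg: 1-byte n; reply: 1-byte count (may be < n), then that many bytes
EGD_READ_BLOCK = 0x02     # arg: 1-byte n; reply: exactly n bytes, PRNG-stretched if pool is low

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:           # recv may return short reads; loop until n bytes or EOF
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD socket closed early")
        buf += chunk
    return buf

def egd_read(sock, nbytes, block=True):
    """Fetch nbytes from the daemon; a single request carries at most 255 bytes."""
    out = b""
    while len(out) < nbytes:
        want = min(255, nbytes - len(out))
        sock.sendall(bytes([EGD_READ_BLOCK if block else EGD_READ_NONBLOCK, want]))
        if block:
            out += _recv_exact(sock, want)
        else:
            got = _recv_exact(sock, 1)[0]
            if got == 0:          # pool exhausted right now; caller decides whether to retry
                break
            out += _recv_exact(sock, got)
    return out

def fake_egd_server(sock, pool_bytes):
    """Constructed stand-in for prngd with a pool of pool_bytes; os.urandom is the source."""
    while cmd := sock.recv(1):
        n = _recv_exact(sock, 1)[0]
        if cmd[0] == EGD_READ_NONBLOCK:
            n = min(n, pool_bytes)           # hand out only what the pool still holds
            pool_bytes -= n
            sock.sendall(bytes([n]) + os.urandom(n))
        elif cmd[0] == EGD_READ_BLOCK:
            sock.sendall(os.urandom(n))      # keeps serving PRNG output after the pool is empty

def demo(pool_bytes=100, request=300):
    """Client and fake daemon over a socketpair; returns (nonblocking, blocking) results."""
    client, server = socket.socketpair()
    threading.Thread(target=fake_egd_server, args=(server, pool_bytes), daemon=True).start()
    nonblocking = egd_read(client, request, block=False)  # stops once the pool is drained
    blocking = egd_read(client, request, block=True)      # always returns the full request
    client.close()
    return nonblocking, blocking
```

The non-blocking read shows the "ran out of entropy" case the message describes, while the blocking read mirrors prngd continuing to hand out PRNG output like /dev/urandom.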