- (djm) Mention PRNGd in documentation, it is nicer than EGD
- (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
parent
2a5c1cede0
commit
0736c4df83
|
@ -9,6 +9,8 @@
|
|||
[bindresvport.c]
|
||||
in bindresvport(), if sin is non-NULL, example sin->sin_family for
|
||||
the actual family being processed
|
||||
- (djm) Mention PRNGd in documentation, it is nicer than EGD
|
||||
- (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
|
||||
|
||||
20010124
|
||||
- (bal) OpenBSD Resync
|
||||
|
|
18
INSTALL
18
INSTALL
|
@ -29,10 +29,18 @@ passphrase requester. This is maintained separately at:
|
|||
|
||||
http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
|
||||
|
||||
PRNGD:
|
||||
|
||||
If your system lacks Kernel based random collection, the use of Lutz
|
||||
Jaenicke's PRNGd is recommended.
|
||||
|
||||
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
|
||||
|
||||
EGD:
|
||||
|
||||
The Entropy Gathering Daemon (EGD) is supported if you have a system which
|
||||
lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
|
||||
|
||||
EGD:
|
||||
http://www.lothar.com/tech/crypto/
|
||||
|
||||
GNU Make:
|
||||
|
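Review bot: The new section is headed "PRNGD:" but its text calls the daemon "PRNGd", and "Kernel based" is capitalised mid-sentence; pick one spelling (the README and configure.in changes in this commit use PRNGD) and write "kernel-based". The paragraph also does not say how to point OpenSSH at the daemon. A pointer to --with-egd-pool would help, since the PRNGD and EGD paragraphs now describe the same condition (no kernel random device) without saying that both are reached through that one option.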
@ -110,10 +118,10 @@ headers, for this to work.
|
|||
random numbers (the default is /dev/urandom). Unless you are absolutely
|
||||
sure of what you are doing, it is best to leave this alone.
|
||||
|
||||
--with-egd-pool=/some/file allows you to enable Entropy Gathering
|
||||
Daemon support and to specify a EGD pool socket. Use this if your
|
||||
Unix lacks /dev/random and you don't want to use OpenSSH's builtin
|
||||
entropy collection support.
|
||||
--with-egd-pool=/some/file allows you to enable EGD or PRNGD support
|
||||
and to specify a EGD pool socket. Use this if your Unix lacks
|
||||
/dev/random and you don't want to use OpenSSH's builtin entropy
|
||||
collection support.
|
||||
|
||||
--with-lastlog=FILE will specify the location of the lastlog file.
|
||||
./configure searches a few locations for lastlog, but may not find
|
||||
|
|
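Review bot: The rewritten --with-egd-pool text still reads as if the option is required to enable EGD or PRNGD support, while the configure.in change in this commit looks for a socket at /var/run/egd-pool and /etc/entropy when the option is omitted and no random device is set. Document that search here, and that --with-egd-pool=no skips it, so a builder knows a socket present on the build host can be picked up without being asked for. Also, "a EGD pool socket" should read "an EGD pool socket".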
21
README
21
README
|
@ -14,8 +14,8 @@ Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a
|
|||
homepage at http://www.openssh.com/
|
||||
|
||||
This port consists of the re-introduction of autoconf support, PAM
|
||||
support (for Linux and Solaris), EGD[1] support and replacements for
|
||||
OpenBSD library functions that are (regrettably) absent from other
|
||||
support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
|
||||
for OpenBSD library functions that are (regrettably) absent from other
|
||||
unices. This port has been best tested on Linux, Solaris, HPUX, NetBSD
|
||||
and Irix. Support for AIX, SCO, NeXT and other Unices is underway.
|
||||
This version actively tracks changes in the OpenBSD CVS repository.
|
||||
|
@ -24,7 +24,7 @@ The PAM support is now more functional than the popular packages of
|
|||
commercial ssh-1.2.x. It checks "account" and "session" modules for
|
||||
all logins, not just when using password authentication.
|
||||
|
||||
OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4].
|
||||
OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].
|
||||
|
||||
There is now several mailing lists for this port of OpenSSH. Please
|
||||
refer to http://www.openssh.com/list.html for details on how to join.
|
||||
|
@ -37,11 +37,11 @@ If you are a citizen of the USA or another country which restricts
|
|||
export of cryptographic products, then please refrain from sending
|
||||
crypto-related code or patches to the list. We cannot accept them.
|
||||
Other code contribution are accepted, but please follow the OpenBSD
|
||||
style guidelines[5].
|
||||
style guidelines[6].
|
||||
|
||||
Please refer to the INSTALL document for information on how to install
|
||||
OpenSSH on your system. There are a number of differences between this
|
||||
port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[6]
|
||||
port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
|
||||
for details and general tips.
|
||||
|
||||
Damien Miller <djm@mindrot.org>
|
||||
|
@ -56,8 +56,9 @@ References -
|
|||
|
||||
[0] http://www.openssh.com/faq.html
|
||||
[1] http://www.lothar.com/tech/crypto/
|
||||
[2] ftp://ftp.freesoftware.com/pub/infozip/zlib/
|
||||
[3] http://www.openssl.org/
|
||||
[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
|
||||
[5] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9&apropos=0&manpath=OpenBSD+Current
|
||||
[6] http://www.openssh.com/faq.html
|
||||
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
|
||||
[3] ftp://ftp.freesoftware.com/pub/infozip/zlib/
|
||||
[4] http://www.openssl.org/
|
||||
[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
|
||||
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
|
||||
[7] http://www.openssh.com/faq.html
|
||||
|
|
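Review bot: After the renumbering, the reference list still carries the FAQ URL twice, as [0] and now as [7]; cite [0] from the FAQ sentence and drop [7], or remove [0], so later insertions do not have to renumber a duplicate. The style-guide entry, now [6], also loses its "&apropos=0&manpath=OpenBSD+Current" query parameters, which is unrelated to the PRNGD change and should be mentioned in the commit message if it is intentional.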
|
@ -16,6 +16,8 @@ key and impersonate you or your hosts.
|
|||
|
||||
If you are using the builtin random number support (configure will
|
||||
tell you if this is the case), then read this document in its entirety.
|
||||
Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which
|
||||
collects random numbers and makes them available by a socket.
|
||||
|
||||
Please also request that your OS vendor provides a kernel-based random
|
||||
number collector (/dev/random) in future versions of your operating
|
||||
|
|
22
configure.in
22
configure.in
|
@ -1043,7 +1043,7 @@ AC_CHECK_FILE("/dev/ptc",
|
|||
|
||||
# Check for user-specified random device, otherwise check /dev/urandom
|
||||
AC_ARG_WITH(random,
|
||||
[ --with-random=FILE read randomness from FILE (default=/dev/urandom)],
|
||||
[ --with-random=FILE read entropy from FILE (default=/dev/urandom)],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
RANDOM_POOL="$withval";
|
||||
|
@ -1064,15 +1064,31 @@ AC_ARG_WITH(random,
|
|||
|
||||
# Check for EGD pool file
|
||||
AC_ARG_WITH(egd-pool,
|
||||
[ --with-egd-pool=FILE read randomness from EGD pool FILE (default none)],
|
||||
[ --with-egd-pool=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
EGD_SOCKET="$withval";
|
||||
AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
|
||||
fi
|
||||
],
|
||||
[
|
||||
# Check for existing socket only if we don't have a random device already
|
||||
if test -z "$RANDOM_POOL" ; then
|
||||
AC_MSG_CHECKING(for PRNGD/EGD socket)
|
||||
# Insert other locations here
|
||||
for egdsock in /var/run/egd-pool /etc/entropy ; do
|
||||
if test -S $egdsock ; then
|
||||
EGD_SOCKET="$egdsock"
|
||||
AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
|
||||
AC_MSG_RESULT($egdsock)
|
||||
break;
|
||||
fi
|
||||
done
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
|
||||
# detect pathnames for entropy gathering commands, if we need them
|
||||
INSTALL_SSH_PRNG_CMDS=""
|
||||
rm -f prng_commands
|
||||
|
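Review bot: In the new auto-detection branch, AC_MSG_CHECKING(for PRNGD/EGD socket) has a matching AC_MSG_RESULT only inside the "if test -S $egdsock" body, so when neither path exists configure prints the "checking" text with no result; add a not-found result after the loop when EGD_SOCKET is still empty. The help string now advertises "(default=/var/run/egd-pool)", but the loop also tries /etc/entropy, runs only when RANDOM_POOL is empty, and sets nothing if no socket is found, so the wording should describe a search rather than a default. Note too that "test -S" only confirms that a socket exists on the build host; the path is then fixed into the build through AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET"), which is worth stating in INSTALL for people who build on one machine and deploy on another.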
@ -1629,7 +1645,7 @@ if test ! -z "$RANDOM_POOL" ; then
|
|||
RAND_MSG="Device ($RANDOM_POOL)"
|
||||
else
|
||||
if test ! -z "$EGD_SOCKET" ; then
|
||||
RAND_MSG="EGD ($EGD_SOCKET)"
|
||||
RAND_MSG="EGD/PRNGD ($EGD_SOCKET)"
|
||||
else
|
||||
RAND_MSG="Builtin (timeout $entropy_timeout)"
|
||||
BUILTIN_RNG=1
|
||||
|
|