-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | INSTALL | 18 | ||||
-rw-r--r-- | README | 21 | ||||
-rw-r--r-- | WARNING.RNG | 2 | ||||
-rw-r--r-- | configure.in | 22 |
5 files changed, 47 insertions, 18 deletions
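--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,8 @@
 [bindresvport.c]
 in bindresvport(), if sin is non-NULL, example sin->sin_family for
 the actual family being processed
+- (djm) Mention PRNGd in documentation, it is nicer than EGD
+- (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
 
 20010124
 - (bal) OpenBSD Resync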
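--- a/INSTALL
+++ b/INSTALL
@@ -29,10 +29,18 @@ passphrase requester. This is maintained separately at:
 
 http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
 
+PRNGD:
+
+If your system lacks Kernel based random collection, the use of Lutz
+Jaenicke's PRNGd is recommended.
+
+http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+
+EGD:
+
 The Entropy Gathering Daemon (EGD) is supported if you have a system which
 lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
 
-EGD:
 http://www.lothar.com/tech/crypto/
 
 GNU Make:
@@ -110,10 +118,10 @@ headers, for this to work.
 random numbers (the default is /dev/urandom). Unless you are absolutely
 sure of what you are doing, it is best to leave this alone.
 
---with-egd-pool=/some/file allows you to enable Entropy Gathering
-Daemon support and to specify a EGD pool socket. Use this if your
-Unix lacks /dev/random and you don't want to use OpenSSH's builtin
-entropy collection support.
+--with-egd-pool=/some/file allows you to enable EGD or PRNGD support
+and to specify a EGD pool socket. Use this if your Unix lacks
+/dev/random and you don't want to use OpenSSH's builtin entropy
+collection support.
 
 --with-lastlog=FILE will specify the location of the lastlog file.
 ./configure searches a few locations for lastlog, but may not find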
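--- a/README
+++ b/README
@@ -14,8 +14,8 @@ Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a
 homepage at http://www.openssh.com/
 
 This port consists of the re-introduction of autoconf support, PAM
-support (for Linux and Solaris), EGD[1] support and replacements for
-OpenBSD library functions that are (regrettably) absent from other
+support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
+for OpenBSD library functions that are (regrettably) absent from other
 unices. This port has been best tested on Linux, Solaris, HPUX, NetBSD
 and Irix. Support for AIX, SCO, NeXT and other Unices is underway.
 This version actively tracks changes in the OpenBSD CVS repository.
@@ -24,7 +24,7 @@ The PAM support is now more functional than the popular packages of
 commercial ssh-1.2.x. It checks "account" and "session" modules for
 all logins, not just when using password authentication.
 
-OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4].
+OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].
 
 There is now several mailing lists for this port of OpenSSH. Please
 refer to http://www.openssh.com/list.html for details on how to join.
@@ -37,11 +37,11 @@ If you are a citizen of the USA or another country which restricts
 export of cryptographic products, then please refrain from sending
 crypto-related code or patches to the list. We cannot accept them.
 Other code contribution are accepted, but please follow the OpenBSD
-style guidelines[5].
+style guidelines[6].
 
 Please refer to the INSTALL document for information on how to install
 OpenSSH on your system. There are a number of differences between this
-port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[6]
+port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
 for details and general tips.
 
 Damien Miller <djm@mindrot.org>
@@ -56,8 +56,9 @@ References -
 
 [0] http://www.openssh.com/faq.html
 [1] http://www.lothar.com/tech/crypto/
-[2] ftp://ftp.freesoftware.com/pub/infozip/zlib/
-[3] http://www.openssl.org/
-[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
-[5] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9&apropos=0&manpath=OpenBSD+Current
-[6] http://www.openssh.com/faq.html
+[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+[3] ftp://ftp.freesoftware.com/pub/infozip/zlib/
+[4] http://www.openssl.org/
+[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
+[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
+[7] http://www.openssh.com/faq.html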
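diff --git a/WARNING.RNG b/WARNING.RNG
index 21f4901c9..44e606d54 100644
--- a/WARNING.RNG
+++ b/WARNING.RNG
@@ -16,6 +16,8 @@ key and impersonate you or your hosts.
 
 If you are using the builtin random number support (configure will
 tell you if this is the case), then read this document in its entirety.
+Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which
+collects random numbers and makes them available by a socket.
 
 Please also request that your OS vendor provides a kernel-based random
 number collector (/dev/random) in future versions of your operating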
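diff --git a/configure.in b/configure.in
index f217e5ae9..798e327be 100644
--- a/configure.in
+++ b/configure.in
@@ -1043,7 +1043,7 @@ AC_CHECK_FILE("/dev/ptc",
 
 # Check for user-specified random device, otherwise check /dev/urandom
 AC_ARG_WITH(random,
-[ --with-random=FILE read randomness from FILE (default=/dev/urandom)],
+[ --with-random=FILE read entropy from FILE (default=/dev/urandom)],
 [
 if test "x$withval" != "xno" ; then
 RANDOM_POOL="$withval";
@@ -1064,15 +1064,31 @@ AC_ARG_WITH(random,
 
 # Check for EGD pool file
 AC_ARG_WITH(egd-pool,
-[ --with-egd-pool=FILE read randomness from EGD pool FILE (default none)],
+[ --with-egd-pool=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
 [
 if test "x$withval" != "xno" ; then
 EGD_SOCKET="$withval";
 AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
 fi
+],
+[
+# Check for existing socket only if we don't have a random device already
+if test -z "$RANDOM_POOL" ; then
+AC_MSG_CHECKING(for PRNGD/EGD socket)
+# Insert other locations here
+for egdsock in /var/run/egd-pool /etc/entropy ; do
+if test -S $egdsock ; then
+EGD_SOCKET="$egdsock"
+AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
+AC_MSG_RESULT($egdsock)
+break;
+fi
+done
+fi
 ]
 )
 
+
 # detect pathnames for entropy gathering commands, if we need them
 INSTALL_SSH_PRNG_CMDS=""
 rm -f prng_commands
@@ -1629,7 +1645,7 @@ if test ! -z "$RANDOM_POOL" ; then
 RAND_MSG="Device ($RANDOM_POOL)"
 else
 if test ! -z "$EGD_SOCKET" ; then
-RAND_MSG="EGD ($EGD_SOCKET)"
+RAND_MSG="EGD/PRNGD ($EGD_SOCKET)"
 else
 RAND_MSG="Builtin (timeout $entropy_timeout)"
 BUILTIN_RNG=1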
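Review bot: The auto-probe added in the second hunk (the new default branch of `AC_ARG_WITH(egd-pool)`) compiles whatever socket happened to exist on the build host into EGD_SOCKET, so a package built on another machine, or built while the daemon was running, ships a path that may be absent or not a socket at run time; how the entropy code behaves when the compiled-in socket is missing is outside this hunk, so the `# Check for existing socket ...` comment should state that expectation, e.g. `# NOTE: the detected path is compiled in; run-time code must cope with the socket being absent`. `test -S` only establishes that the path is a socket, not who owns it, so the `# Insert other locations here` comment should restrict additions, e.g. `# Insert other locations here (root-owned directories only; the socket is trusted as an entropy source)`. The help string now says `(default=/var/run/egd-pool)`, which no longer matches the behaviour: the default is a probe of `/var/run/egd-pool` and `/etc/entropy` that only runs when no random device was found, so `(default: probe /var/run/egd-pool, /etc/entropy if no random device)` would be accurate. Minor style: the `break;` semicolon is unnecessary in shell, and the path would normally be quoted, `if test -S "$egdsock" ; then`.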