files using anziowin

Brian K. White brian at aljex.com
Fri Aug 13 23:37:36 PDT 2004


Fairlight wrote:
> On Sat, Aug 14, 2004 at 12:50:48AM -0400, Jay Ashworth, the prominent
> pundit, witicized:
>>
>> It's much more secure, and not a whole lot harder, to use OpenSSH,
>> which is available as a custom package for OS 5.0.x, I believe
>> directly from Skunkware.
>
> Or you can install the free devkit and compile your own OpenSSH from
> the latest source, which is bound to have a lot less of the security
> holes than anything from an outdated Skunkware release.  It compiles
> cleanly on OSR5.
>
>> It does require you to set up PRNGD and make sure it stays running,
>> but it's well worth the effort.
>
> What the hell is PRNGD?  :)  I dropped in OpenSSH and had nothing to
> do with anything by that name or label.  Do tell.

Pseudo Random Number Generator Daemon.

It provides a fifo that you can read entropy from at will, and it's better
than using the built-in randomness code in OpenSSH.
You could also use other similar generators in place of prngd, such as EGD,
but it seems prngd is more common.
On Linux/FreeBSD, I think it uses /dev/random rather than either its own
code or an entropy daemon.

./configure probably established that you have no prngd, or, that you do
have it and don't even know it, and used it or didn't as appropriate, so
from your point of view it "just worked" but it's better to insist on having
it use prngd for better security.

Or, it's better to insist on having it use its own built-in code, for
better reliability and portability.

Take your pick.

On 5.0.7 or later, OpenSSH ships with the system and it uses prngd. JPR has
the latest version compiled and packaged for 5.0.6 and lower, and 5.0.7,
also using prngd. The 5.0.7 package doesn't include a copy of prngd since it
is already there. The 5.0.6 & lower package includes prngd and rc start
scripts. ftp.jpr.com (use a command line client).

The downside of using prngd is that if it stops running, so does ssh. Can't
log in nor ssh out.
The Skunkware version of prngd includes a buggy rc script that will fail to
start up all the time.
JPR's and the entirely weird and mangled mechanism built-in to 5.0.7 do not
have that problem.
The older version would crash once in a while too after long uptimes. I
think the current version is better, but not yet convinced it's on par with
the telnet & ftp daemons, which I've never seen crash or fail to work except
when I barkled a library update once.

Brian K. White  --  brian at aljex.com  --  http://www.aljex.com/bkw/
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx  Linux SCO  Prosper/FACTS AutoCAD  #callahans Satriani
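
Added example, not part of the original message or of the prngd/OpenSSH code: a health check for the failure mode described above (prngd stops, ssh stops), using the EGD-style socket commands 0x00 (entropy level) and 0x01 (non-blocking read). The socket path /var/run/egd-pool and the names check_egd and DEFAULT_SOCKET are assumptions; use the path your prngd and sshd were actually built with.

```python
#!/usr/bin/env python3
"""Health check for an EGD-protocol entropy daemon such as prngd."""
import socket
import struct
import sys

# Assumed socket path; use whatever path your prngd and sshd were built with.
DEFAULT_SOCKET = "/var/run/egd-pool"


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the daemon closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("daemon closed the connection")
        buf += chunk
    return buf


def check_egd(path=DEFAULT_SOCKET, want=16, timeout=3.0):
    """Return (ok, detail). ok is False when sshd would be unable to seed."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            # Command 0x00: report pool entropy as a 4-byte big-endian bit count.
            s.sendall(b"\x00")
            (bits,) = struct.unpack(">I", _recv_exact(s, 4))
            # Command 0x01: non-blocking read; reply is a count byte, then data.
            s.sendall(bytes([0x01, want]))
            got = _recv_exact(s, 1)[0]
            data = _recv_exact(s, got)
    except OSError as exc:  # missing socket, refused, timeout, short read
        return False, f"{path}: {exc}"
    if got < want:
        return False, f"{path}: asked for {want} bytes, daemon returned {got}"
    if data == bytes(want):
        return False, f"{path}: daemon returned all-zero output"
    return True, f"{path}: {bits} bits in pool, {got} bytes read"


if __name__ == "__main__":
    ok, detail = check_egd(*sys.argv[1:2])
    print(("OK " if ok else "FAIL ") + detail)
    sys.exit(0 if ok else 1)
```

Run it from cron or an rc script and alert on a non-zero exit, so a dead or starved daemon is noticed before the next ssh login fails.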