I have been trying to get SSH installed on a complete and fresh installation of Solaris 8. All patches and packages are installed but when I try to create the keys below is what I see:
# ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_ke
PRNG is not seeded
I have scoured the Internet looking for an answer and there seems to be no one in the Unix world capable of giving a simple response that makes sense.
What does this mean and how do I fix it?
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
You need to make sure that the Pseudo Random Number Generator Daemon -- prngd is running before you can use openssh (ssh)
Modidy the following script to suite you installation (the path to prngd), put the following script in /etc/rc2.d and called it S98prngd. (Startup script)
then run:
/etc/rc2.d/S98prngd start
to start the daemon, after that youshould be able to use ssh.
Here's the startup script
#!/bin/sh
# Start up script for Pseudo Random Number Generator Daemon
#
# placed in /etc/init.d with file name prngd and then as root run
# This daemon must run before the sshd start
#
# chown root /etc/init.d/prngd
# chgrp sys /etc/init.d/prngd
# chmod 555 /etc/init.d/prngd
# ln -s /etc/init.d/prngd /etc/rc2.d/S98prngd
# /etc/rc2.d/S98prngd stop
# /etc/rc2.d/S98prngd start
pid=`/usr/bin/ps -e | /usr/bin/grep prngd | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
case $1 in
'start')
/usr/local/bin/prngd /var/spool/prngd/pool
;;
'stop')
if [ "${pid}" != "" ]
then
/usr/bin/kill ${pid}
fi
;;
*)
echo "usage: /etc/init.d/prngd {start|stop}"
;;
esac
#-------------------------
Cheers!
ARGGGHHHH!!!
this is not working!
here are the packages that have been installed:
# ls
112438-01 openssh-3.5p1-sol8-sparc-l
egd-0.8-sol8-sparc-local openssl-0.9.6i-sol8-sparc-
libgcc-3.2.2-sol8-sparc-lo
#
I have followed all docs to the letter and tried ya'lls scripts...still I get the same thing.
Ok, you are runing Solaris (SPARC), here's something I wrote sometime ago from my previous installation:
Openssh configuration files:
Solaris: /usr/local/etc/ssh_config
1) Install the following packages:
openssl-0.9.6c
openssh-3.1p1
prngd-0.9.23
zlib-1.1.4
perl-5.6.1
2) Setup the Pseudo Random Number Generator Daemon
mkdir /var/spool/prngd
write a script to auto start and stop the prngd daemon (S98prngd), put it in
/etc/rc2.d, make it start before the sshd startup script
3) cd /usr/local/etc, edit ssh_config and sshd_config file.
I put the keys in /etc/ssh2
4) create the ssh keys use the following commands:
ssh-keygen -t rsa1 -f /etc/ssh2/ssh_host_key -N ""
ssh-keygen -t dsa -f /etc/ssh2/ssh_host_dsa_key
ssh-keygen -t rsa -f /etc/ssh2/ssh_host_rsa_key
5) cp ~/bin/start-ssh.sh /etc/rc2.d/S99sshd
change the permissions for /etc/rc2.d/S99sshd
/etc/rc2.d/S99sshd start
#Create a sshd startup script, I wrote one for all my systems.
Note: you can forgot about perl 5.x if you are not using it.
Please have a look at my note see if it make sense to you.
yeah I did the mkdir /var/spool/prngd
Creating the scripts and starting the daemons are no problem...but sure enough as soon as I try to create the keys I get the message that prng is not seeded.
I followed http://www.unixguide.net/s
and
http://www.sunfreeware.com
exactly as written. This worked on my previous setup then I changed to a bigger harddrive and re-installed solaris from scratch...now for some reason its not working.
These are newer release files then the ones I previously used. Could there be an issue with these newer releases? Sunfreeware states that PRNG is not required yet it seems as though I cannot do much without it.
yeah I did the mkdir /var/spool/prngd
Creating the scripts and starting the daemons are no problem...but sure enough as soon as I try to create the keys I get the message that prng is not seeded.
I followed http://www.unixguide.net/s
and
http://www.sunfreeware.com
exactly as written. This worked on my previous setup then I changed to a bigger harddrive and re-installed solaris from scratch...now for some reason its not working.
These are newer release files then the ones I previously used. Could there be an issue with these newer releases? Sunfreeware states that PRNG is not required yet it seems as though I cannot do much without it.
I have not tried the newer release yet, there might be a problem with the new one. (It might be a documentation error at http://www.sunfreeware.com
If you still have the old pakages, it is easy to use them to get it going.
I have had this problem before, it was because
/devices/pseudo/random@0:r
ls -l /devices/pseudo/random@0:*
if they are -r------, do
chmod a+r /devices/pseudo/random@0:*
That fixed it for me on a couple of systems.
Ok its all back up and I have once again installed the packeages and proper patches...
I followed the setups exactly as described and tried the latest sugestion. Here is what I get:
# ls -l /devices/pseudo/random@0:r
/devices/pseudo/random@0:r
lrwxrwxrwx 1 root other 31 Apr 8 14:07 /dev/random -> /devices/pseudo/random@0:r
#
I checked /dev fopr the random file and its there but when I try to vi or more on it, it says it does not exist.
# ln -s /devices/pseudo/random@0:r
# ln -s /devices/pseudo/random@0:u
#
# cd /dev
# ls
allkmem fd0c logindmux ptyp9 ptyr1 rfd0a term ttype ttyr6
arp fssnapctl m640 ptypa ptyr2 rfd0b ticlts ttypf ttyr7
audio ge mem ptypb ptyr3 rfd0c ticots ttyq0 ttyr8
audioctl hme mouse ptypc ptyr4 rmt ticotsord ttyq1 ttyr9
bd.off icmp msglog ptypd ptyr5 rsm tnfctl ttyq2 ttyra
ce icmp6 nca ptype ptyr6 rsr0 tnfmap ttyq3 ttyrb
cfg ip null ptypf ptyr7 rts tod ttyq4 ttyrc
conslog ip6 openprom ptyq0 ptyr8 sad tty ttyq5 ttyrd
console ipd pm ptyq1 ptyr9 se_hdlc ttya ttyq6 ttyre
cua ipdcm poll ptyq2 ptyra se_hdlc0 ttyb ttyq7 ttyrf
diskette ipdptp power_button ptyq3 ptyrb se_hdlc1 ttyp0 ttyq8 udp
diskette0 ipsecah printers ptyq4 ptyrc sound ttyp1 ttyq9 udp6
dsk ipsecesp ptmajor ptyq5 ptyrd sppp ttyp2 ttyqa urandom
dump kbd ptmx ptyq6 ptyre sppptun ttyp3 ttyqb volctl
ecpp0 keysock pts ptyq7 ptyrf sr0 ttyp4 ttyqc winlock
eri kmem ptyp0 ptyq8 qe stderr ttyp5 ttyqd wrsmd
fb kstat ptyp1 ptyq9 qfe stdin ttyp6 ttyqe wscons
fb0 ksyms ptyp2 ptyqa random stdout ttyp7 ttyqf zero
fbs le ptyp3 ptyqb rawip swap ttyp8 ttyr0
fcode llc1 ptyp4 ptyqc rawip6 syscon ttyp9 ttyr1
fd llc2 ptyp5 ptyqd rdiskette sysmsg ttypa ttyr2
fd0 lockstat ptyp6 ptyqe rdiskette0 systty ttypb ttyr3
fd0a lofictl ptyp7 ptyqf rdsk tcp ttypc ttyr4
fd0b log ptyp8 ptyr0 rfd0 tcp6 ttypd ttyr5
I am convinced that there is not a single individual out there who knows what this means or how to fix it. Sure there are a few who tried some stuff and got lucky but I doubt that they really knew what the problem really was. I have wiped out my Solaris 8 (Sparc) install and started completely from scratch several times now. No matter what I do I still get this message. I have scoured the web looking for an intelligent explanation using simple english and have yet to find one. A previous install worked perfectly...then I try to change to a larger harddrive and now this is.
And Unix is better then what Mr. Gates?
phatgreenbuds67,
Do yourself a favor and install Solaris 9. It installs and configures SSH by default. Since you are using the SPARC platform, it is a free download for you: http://wwws.sun.com/softwa
/kristofer
kspinka,
unfortunately that is not an option. This box is here for a specific purpose. To lab my current production Provider-1 setup in preperation for migration to NG. So its crucial that I run Solaris 8 to mimic the as closely as possible the current production environment.
yuzh,
yeah as frustrated as I am getting, I admit that I am enjoying learning unix...just wish there was some way to get decent docs or help pages...I have finally had to crawl to our Unix admins for help. This is not an easy thing for a network type like myself. But I think I may have it straightend out. If I do I'll post it here among the other resolutions.
phatgreenbuds67,
On Solaris 8 I have used the following guide: http://www.sunfreeware.com
Sun has released a patch (112438-01 for SPARC), albeit some time ago, to support /dev/{u,}random. With that said, I recommend that you install the patch and then download the OpenSSH source from: ftp://ftp3.usa.openbsd.org
/kristofer
I have done all this, several times. I have followed the docs word for word. I have installed the patch from Sun and still I get this PRNG message. So I installed PRNG and still the same message. I went to the OpenSSH site and read through the faqs. Those guys are just great. They can tell you all about the problem but not a word about how to fix it.
As for the random device thats built in? Thats what I thought to...but as I said this error started on a fresh install where OpenSSH was the first thing I have tried to get working.
There are a number of options to get the /dev/random device working described (vaguely) in Sun document 27606.
PRNG is a package that emulates /dev/random functionality - required for Solaris pre version 8 - in your case you should not need this package at all.
Solaris version 9 has the /dev/random device pre-installed.
Solaris version 8 is the problem, requiring the patch 112438-01 (SPARC) to be installed. For some reason this patch was built such that a reconfiguration reboot is required following installation (call 'touch /reconfigure before rebooting).
Checks to do..
showrev -p | grep 112438 -- Is patch applied?
ls -la /kernel/drv/random -- Is kernel driver there?
If you have applied the patch sucessfully but not reconfigure rebooted then do so. You could try to call 'add_drv random; devfsadm -i random' to install it without a reboot but I can't confirm if this works.
If the installation has worked you should have the device files.
/devices/pseudo/random@0:r
/devices/pseudo/random@0:u
If these don't exist no amount of linking and permission changing is going to work.
It also appears that certain Solaris 8 Releases, Solaris 8 HW 12/02 or later, (cat /etc/release to find out version) include this patch already, but it was applied incorrectly at source! See bug ID 4791713. If this is the case, then the above 2 checks will suggest the patch is applied, but the following will report no random device..
grep random /etc/name_to_major -- Is it there?
grep random /etc/devlink.tab -- or here?
If the answer to the last 2 questions is no then you have hit the bug in 4791713. To fix call..
rem_drv random
add_drv random
edit /etc/devlink.tab to add this line below <TAB> before \M0:
type=ddi_pseudo;name=rando
devfsadm -i random
This removes the random driver from kernel and reapplies it, adds it to the device table and reconfigures the kernel to add the random device.
Business Accounts
Answer for Membership
by: soupdragonPosted on 2003-04-07 at 14:23:40ID: 8287138
Most answers seem to point to a missing /dev/random file fixed by patch 112438-01 and rebooting. You may also need to creat links if they still don't exist after a reboot.
ln -s /devices/pseudo/random@0:r
ln -s /devices/pseudo/random@0:u
Do you have he Pseudo Random Number Generator package installed?
See http://www.unixguide.net/s