From owner-ssh@clinet.fi  Fri May 25 21:23:28 2001
Date: Fri, 25 May 2001 19:58:03 +0200
From: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
To: "'ssh@clinet.fi'" <ssh@clinet.fi>
Subject: Re: STILL can't genereate openssh dsa key
Message-ID: <20010525195802.A11754@serv01.aet.tu-cottbus.de>
Mail-Followup-To: "'ssh@clinet.fi'" <ssh@clinet.fi>
References: <549AB966B45DD311A58A0000E86CEA8D0CAED57C@postoffice.btitele.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <549AB966B45DD311A58A0000E86CEA8D0CAED57C@postoffice.btitele.com>; from David.Edward.Shapiro@btitele.com on Fri, May 25, 2001 at 09:50:09AM -0400
Organization: BTU Cottbus, Allgemeine Elektrotechnik
Sender: owner-ssh@clinet.fi
Precedence: bulk

On Fri, May 25, 2001 at 09:50:09AM -0400, David Edward Shapiro wrote:
> I am fairly familiar now with how to configure using either egd or prngd
> because I have been trying to get this to work for weeks now.  It was last
> configured with prngd and I tested prngd with egc.pl /var/run/egd-pool read
> 255 and that worked fine.  I ran truss, which watches library calls and
> other things (ports accessed, permissions on open files, etc.) and saw it
> get to the point where it just cycles through the getpid() and time()
> forever.  If I kill -1 ssh-keygen (yes, ssh-keygen) it skips past the dsa
> key generation and completes the rsa key generation fine.  I would need to
> know from the code or somebody familiar with the code why it might be
> cycling through these two function calls forever.

It is hard to say from here what is going on. getpid() and time() are used
inside RAND_poll() (openssl/crypto/rand/rand_win.c; never mind the file
name, it also includes code for the Unix platforms). RAND_poll() is only
called once:
        if (!initialized)
                {
                RAND_poll();
                initialized = 1;
                }
If it were an error within OpenSSL (in which case it would be caused
by a compiler bug, as the sequence above will hardly fail), it would be
in the OpenSSL PRNG and would therefore be triggered every time random
numbers are requested, so it would also fail in the RSA case.
I therefore rule out OpenSSL.

Consequently the problem should be located in OpenSSH. I did a grep for
getpid() in the OpenSSH-2.9p1 source and the most probable place seems
to be entropy.c:stir_from_system(). You should however see more calls
like getuid(), getgid()... Also, stir_from_system() is called once from
seed_rng() which is called once from ssh-keygen.c:main(). I don't see
a loop that would cause the symptoms described.

I am running ssh-keygen successfully on Linux... I am just trying to run it on
HP-UX: it is hanging. (All dsa keys for HP-UX were generated a long
time ago, so I didn't use -t dsa lately.) It doesn't show symptoms like
yours... Ah, there it is, after 3-4 minutes.
[Recompiling with -g... It is working in DSA_generate_parameters... and
succeeding at some point in time..]
Therefore I cannot reproduce your symptoms and I don't see another option
than to recompile with -g and run it under a debugger to see where it
is looping.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
