compiling openssh; need it small


I'm recompiling openssh for use on an ia-1 internet appliance.  (I have
to disable PAM.)  When running 'configure' I get this at the end of
config output:

   Random number source: OpenSSL internal ONLY

If I remember correctly, this should only be the case when /dev/random
is unavailable.  It is available on both build and target machines.
I've looked through the INSTALL notes & 'configure -h' output, but I
can't find a way to have ssh use /dev/random.

Here are my configure parameters:

CFLAGS="-Os -mcpu=i586" ./configure --prefix=/usr --sysconfdir=/etc/ssh/ \
    --without-pam --without-lastlog --without-skey --without-tcp-wrappers \
    --without-shadow --without-osfsia --without-4in6 --disable-utmp \
    --disable-utmpx --disable-wtmp --disable-wtmpx --disable-libutil \
    --disable-pututline --disable-pututxline --without-sectok \
    --without-opensc --without-kerberos5

Is there a way to force ssh to use /dev/random?

Mitch Z.

Re: compiling openssh; need it small


No, that means OpenSSL considers itself to be self-seeded.  Go ahead
and build it, it should be fine.  If it's not, ssh/sshd will fail to
initialise with a "not seeded" error.

(Modern OpenSSLs will always check for /dev/[X]random device nodes
anyway, even if they weren't present at build time.)

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
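
A check to run on the target before relying on the runtime lookup described in the reply above, as an added example that is not part of either post: it pulls the "Random number source" value out of saved configure output and confirms that the random device nodes are character devices that return data. The function names and the sample summary text are constructed for this example.

```shell
#!/bin/sh
# Constructed sample of the configure summary quoted in the question.
SAMPLE_SUMMARY='              PAM support: no
   Random number source: OpenSSL internal ONLY
'

# Print the value of the "Random number source" line from configure
# output supplied on stdin (first match only).
rng_source_from_configure() {
    sed -n 's/^[[:space:]]*Random number source:[[:space:]]*//p' | head -n 1
}

# Succeed only if $1 is a readable character device that returns 16 bytes.
# A regular file or a wrongly created node at that path fails here.
check_rng_node() {
    dev=$1
    [ -c "$dev" ] || { echo "$dev: not a character device" >&2; return 1; }
    [ -r "$dev" ] || { echo "$dev: not readable" >&2; return 1; }
    got=$(dd if="$dev" bs=16 count=1 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" -eq 16 ] || { echo "$dev: short read ($got bytes)" >&2; return 1; }
}

# Report on the usual device nodes; on old kernels a read from
# /dev/random can pause until the kernel has gathered entropy.
rng_report() {
    for node in /dev/urandom /dev/random; do
        if check_rng_node "$node"; then
            echo "$node: ok"
        else
            echo "$node: FAILED"
        fi
    done
}

printf '%s' "$SAMPLE_SUMMARY" | rng_source_from_configure
rng_report
```

On a real build, pipe the saved configure output into `rng_source_from_configure` in place of the sample text.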