The file "ssh_prng_cmds", used for entropy generation on systems like Solaris that lack a decent /dev/random, contains an incorrect "arp" entry. In particular, the command run is:

    "arp -a -n" /usr/sbin/arp 0.02

Unfortunately, in Solaris 8, the "-n" command (no host lookups) is not supported. As a result, when this command is run on a Solaris box that has arp entries in its cache that it cannot resolve -- either via a local nameserver or a remote one -- then this command hangs, for a very, very long time.

Some results of this hang are:

- sshd will take 10+ minutes to start on boot
- sshkeygen commands progress very, very slowly

This situation arose when I had a Solaris box installed in a private 10.x network, running named locally with itself as the only DNS server in /etc/resolv.conf. However, the box was sitting on a LAN with other boxes in a subnet outside of the range that the Solaris box was authoritative for, and so its arp cache had entries that it could not resolve locally.

My suggested fix to this bug is to remove the "arp" command from ssh_prng_cmds on Solaris.
Aside: this bug also existed in previous versions of opensshd. My bad for not reporting it earlier.
The timeout bug in ssh-rand-helper (bugid 400) has been fixed. Try this patch: http://bugzilla.mindrot.org/attachment.cgi?id=156&action=view
As Darren noted, the hang bug has been fixed. You can always edit the prng conf file, or (better) install a /dev/random (there is one available for Sun, check the list archives) or PRNGd.
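For anyone editing the prng command file as suggested above, here is an added example (not part of the original thread and not OpenSSH code) that parses an ssh_prng_cmds-style file and runs each entry under a hard timeout, so that entries which hang, like the arp entry reported here, stand out. The sample file contents other than the arp line, the function names and the 5-second timeout are assumptions.

```python
import shlex
import subprocess
import time

# Constructed sample in the ssh_prng_cmds layout: "command line" path rate.
# Only the arp entry comes from the report; the other lines are made up.
SAMPLE = '''\
# entropy gathering commands
"arp -a -n" /usr/sbin/arp 0.02
"ls -alni /tmp" /bin/ls 0.02
"netstat -an" undef 0.02
'''

def parse_prng_cmds(text):
    """Yield (argv, path, rate) per usable entry; skip comments and undef paths."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps the quoted command as one field
        if len(fields) != 3 or fields[1] == "undef":
            continue
        yield shlex.split(fields[0]), fields[1], float(fields[2])

def audit(text, timeout=5.0):
    """Run every entry with a timeout; return (command, status, seconds) tuples."""
    results = []
    for argv, path, _rate in parse_prng_cmds(text):
        start = time.monotonic()
        try:
            proc = subprocess.run([path] + argv[1:], stdin=subprocess.DEVNULL,
                                  stdout=subprocess.DEVNULL,
                                  stderr=subprocess.DEVNULL, timeout=timeout)
            status = "ok" if proc.returncode == 0 else "exit %d" % proc.returncode
        except subprocess.TimeoutExpired:
            status = "TIMEOUT"  # the child is killed; candidate for removal
        except OSError as exc:
            status = "missing: %s" % exc.strerror
        elapsed = round(time.monotonic() - start, 2)
        results.append((" ".join(argv), status, elapsed))
    return results

if __name__ == "__main__":
    for cmd, status, secs in audit(SAMPLE):
        print("%-20s %-28s %.2fs" % (cmd, status, secs))
```

Point `audit()` at the contents of the installed file; any entry reported as TIMEOUT is one that would stall entropy collection on that host.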
It's good to know the hang is fixed -- in 3.5p1 I assume? I'd still suggest removing the arp command on Solaris -- since it's halfway or less through the ssh_prng_cmds file, sshd is going to take longer to get good entropy on non /dev/random systems. We've made the patch (thanks!), and also plan to install the real /dev/random pkg available from Sun.
This is really a duplicate of Bug 323 that was fixed 14 Jul 2002

*** This bug has been marked as a duplicate of 323 ***
Mass change of RESOLVED bugs to CLOSED