OpenSSH 3.1p1 introduced ssh-rand-helper, a subprocess to gather randomness for legacy OSes that still don't have /dev/urandom. Sadly, here at HUT/CC as well we have a few mission-critical servers that need ssh-rand-helper, but static linking instead of an external subprocess with hardcoded exec paths is preferred.
Created attachment 373. This patch modifies the ssh-rand-helper source so that you can link the randomness code statically, like OpenSSH 3.0.2p1 used to do as the only option.
Thanks, but we are trying to move the responsibility for randomness collection further away from OpenSSH, rather than closer in. It just doesn't make sense for each app to do its own entropy collection. I'd prefer to deprecate ssh-rand-helper entirely and give all the responsibility to OpenSSL, but that is a matter for another release :)
Ah, that's good to hear. :) Maybe I'll glue out some issues with prngd in the future and use it with OpenSSL, so that I won't have to maintain an ugly patch like this anymore.
Mass change of RESOLVED bugs to CLOSED