PRNG is not seeded
Rob Kottler
me.
I am using SCO Open Server 5.0.4 and have installed ...
$ ssh -V
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
This happens:
# ./ssh-rand-helper
Couldn't connect to PRNGD socket "/usr/local/var/prngd/prngd-pool":
Connection r
efused
Entropy collection failed
and I keep getting the message "PRNG is not seeded" . The prngd daemon
is running : witness ...
root 23675 1 0 14:44:59 ? 00:00:00 /usr/local/sbin/prngd
/usr/
local/var/run/egd-pool
I have sculled around for two full days to try an find an answer, and
in depseration I must ask for help.
Jean-Pierre Radley
| I am sure that this has been discussed before, but can someone help
| me.
|
| I am using SCO Open Server 5.0.4 and have installed ...
| $ ssh -V
| OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
You compiled this yourself?
| This happens:
| # ./ssh-rand-helper
| Couldn't connect to PRNGD socket "/usr/local/var/prngd/prngd-pool":
| Connection r
| efused
| Entropy collection failed
I have ssh going on many OSR 5 machines, but noe of them has, or even
needs, ssh-rand-helper.
| and I keep getting the message "PRNG is not seeded" . The prngd daemon
| is running : witness ...
| root 23675 1 0 14:44:59 ? 00:00:00 /usr/local/sbin/prngd
| /usr/
| local/var/run/egd-pool
And does that FIFO even exist?
| I have sculled around for two full days to try an find an answer, and
| in depseration I must ask for help.
--
JP
Rob Kottler
> And does that FIFO even exist?
$ cd /usr/local/var/run
/usr/local/var/run (bob)
$ l
total 0
prwxrwxrwx 1 root sys 0 Mar 25 15:19 egd-pool
Rob Kottler
and compiled and installed it - no visible problems, then downloaded
openssh-3.7.1p2.tar.gz from ftp.jpr.com, and "./configure"
returned with
checking whether snprintf correctly terminates long strings... no
configure: WARNING: ****** Your snprintf() function is broken,
complain to your
vendor
checking whether getpgrp takes no argument... yes
checking OpenSSL header version... not found
configure: error: OpenSSL version header not found.
Sadly, this means to me it's not working. Why, I could not say! Is
there some advice here for me?
Jean-Pierre Radley
You could just grab the OSR 5 binary from my site instead.
--
JP
Rob Kottler
> You could just grab the OSR 5 binary from my site instead.
And that would be ftp://ftp.jpr.com/pub/??
Jean-Pierre Radley
| Jean-Pierre Radley <j...@jpr.com> wrote in message news:<20040326160...@jpradley.jpr.com>...
|
| > You could just grab the OSR 5 binary from my site instead.
|
| And that would be ftp://ftp.jpr.com/pub/??
Yes, sorry...
--
JP
Rob Kottler
I have read and stared at ftp://ftp.jpr.com/pub and cannot figure out
which binary I should be downloading
Jean-Pierre Radley
Please explain why the .message file you see when you enter
ftp.jpr.com/pub is unclear, and I'll be happy to modify it.
--
JP
Rob Kottler
# /etc/init.d/prngd enable
Enabling prngd ... Done
# /etc/init.d/sshd enable
Enabling sshd ... Done
# /etc/init.d/prngd start
Starting prngd:
# /etc/init.d/sshd start
Starting sshd
PRNG is not seeded
#
# cat prngd.log
dynamic linker: /usr/local/prngd/prngd: relocation error: symbol not found: _mco
unt
su: 3316 Killed
Now where can I go now. I'm going round in a circle !!
Brian K. White
Somehow you got a version of prngd that was linked against the profiling
version of one or all of it's libraries, but you don't have the profiling
versions of those libraries on your system? ... Hmm, no, on a recent 5.0.7
install of mine, the word "mcount" does appear in my /etc/in.prngd also and
I certainly never went out of my way to install or use the profiling
libraries or profiling versions of programs, so maybe it's just part of the
way prngd works.
what does this command show?
ldd /etc/in.prngd
mine shows this:
/etc/in.prngd needs:
/usr/lib/libsocket.so.2
/usr/lib/libc.so.1
/usr/lib/libsocket.so.2 needs:
/usr/lib/libresolv.so.1
I have gwxlibs and mp1 installed on this box too, but ssh worked right from
the initial install, and I did the install myself.
wait... I just saw above: "/usr/local/prngd/prngd"
I thought we were talking about a stock install that didn't work?
You need to run:
ldd /usr/local/prngd/prngd
and post the results here.
You probably just need to install oss646b to get your libraries all up to
the latest versions so that you can run programs that other people have
compiled on newer boxes han yours.
Where exactly did you get your prngd and ssh from? and have you installed
more than one version from more than one different source over top of each
other when one didn't work? all the different packages out there do not work
the same way and having a mixture of more than one package on one box is
just begging for problems. completely uninstall prngd and ssh and verify
that there are no traces of either anywhere, then install one set, following
the directions that came with it.
JP's is probably going to be the easiest to get going, as well as being the
most current version I know of.
Mine: http://www.aljex.com/bkw/sco is only 3.7.1p2 and is only easy to
install on 5.0.7
SCO's: ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-3.7.1p2/ claims to
only be installable on 5.0.7 but in reality it's just that it's only _easy_
on 5.0.7 because the binaries and scripts all expect to work as drop-in
replacements for the same things already existing on 5.0.7.
In both of those cases, you can install it on earlier boxes to at least
5.0.4 but you have to resolve library dependancies (usually just means
install oss646b) and create/copy/hack start scripts yourself. 5.0.7's prngd
and ssh start script arrangement is pretty weird and not easy to copy to a
pre-5.0.7 box unless you can do just that, _copy_ a few files from a 5.0.7
box, which of course, no one can explicitly write instructions that say to
do that.
JP's on the other hand is more current at 3.8.1p1 and though I haven't
looked at his package myself, I would bet that he has brief instructions and
self-contained stand-alone simple startup scripts that would be a lot easier
to set up on a pre-5.0.7 box that never had any prngd or ssh before and any
dependancies would be relatively simple to identify and satisfy.
--
Brian K. White -- br...@aljex.com -- http://www.aljex.com/bkw/
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx Linux SCO Prosper/FACTS AutoCAD #callahans Satriani
Rob Kottler
dynamic linker: ./prngd: file loaded: /usr/lib/libsocket.so.2
dynamic linker: ./prngd: file loaded: /usr/lib/libnsl.so
dynamic linker: ./prngd: file loaded: /usr/lib/libc.so.1
dynamic linker: ./prngd: file loaded: /usr/lib/libresolv.so.1
And this is from JP's site, and no other ssh was installed
Brian K. White
hmm. odd. no obvious problems there.
Do you have oss646b installed? If not, and your box is less than 5.0.7,
install it and try again.
Ideally I'd next want to see a ls -lL listing of those files from your and
his systems to compare them.
I guess it's up to jp to comment now and say what version of osr he built on
with what possibly relevent patches.
Jean-Pierre Radley
| Rob Kottler wrote:
| > /usr/local/prngd on nsupp (777)->ldd ./prngd
| > dynamic linker: ./prngd: file loaded: /usr/lib/libsocket.so.2
| > dynamic linker: ./prngd: file loaded: /usr/lib/libnsl.so
| > dynamic linker: ./prngd: file loaded: /usr/lib/libc.so.1
| > dynamic linker: ./prngd: file loaded: /usr/lib/libresolv.so.1
| >
| > And this is from JP's site, and no other ssh was installed
|
| hmm. odd. no obvious problems there.
| Do you have oss646b installed? If not, and your box is less than 5.0.7,
| install it and try again.
|
| Ideally I'd next want to see a ls -lL listing of those files from your and
| his systems to compare them.
|
| I guess it's up to jp to comment now and say what version of osr he built on
| with what possibly relevent patches.
I have seen at least three versions (different dates, different sizes) of
libsocket.so.2 and libresolv.so.1 on OSR 5.0.5 or 5.06, because at least
that many CSSA or other updates/patches from SCO contained different
bags-o-bytes for those two libraries.
Do try installing oss646b, which I think has the latest versions, but in
that case the ssh package that I made for 5.0.6 may not work, and you
should use the one for 5.0.7
--
JP
Rob Kottler
.
.
.
.
>
> Do try installing oss646b, which I think has the latest versions, but in
> that case the ssh package that I made for 5.0.6 may not work, and you
> should use the one for 5.0.7
I downloaded this from ftp.sco.com
* OSS646B - Execution Environment Supplement (ver 1.1.0j)
OSS646B - UNIX Runtime System Update for 507 (id OSS646B.507.SCO.
OSS646B - UNIX Runtime System Update for 506,505,504 (id OSS646B.
OSS646B - TCP/IP Runtime Update (id OSS646B.507.SCO.tcp)
OSS646B - Development System Update for 507 (id OSS646B.507.SCO.u
OSS646B - Development System Update for 506,505,504 (id OSS646B.5
OSS646B - C++ Development System Update (id OSS646B.507.SCO.cplus
OSS646B - TCP/IP Development System Update (id OSS646B.507.SCO.tc
OSS646B - NFS Development System Update (id OSS646B.507.SCO.nfsde
OSS646B - CDMT Toolkit Update (id OSS646B.506.SCO.cdmt)
and when I try to install with custom it do this:
(\) The custom+ binary (backend) process has died.
----------------------------------------------------
[ OK ] [ Details... ]
Details:
Message id "INSTALL_ALREADY_NOT_APPLIED_PATCH" not in the current context.
I am floundering !!
Rob Kottler
Brian K. White
> Nobody can help here with the oss646b patch problem
Just for the record, I have just yesterday installed JPR's openssh binaries
on a 5.0.6 box and it's running fine.
They didn't run at first because I didn't have prngd. I installed prngd from
one I built but I had to supply my own prngd start/stop script and
prngd.conf file which I can't supply since all I did was copy them from a
5.0.7 box.
The source package for prngd actually includes a sample rc start script and
prngd.conf file for sco systems, you could try to use those. The binary I
used and the source package it came from are here
http://www.aljex.com/bkw/sco/prngd-0.9.27.tar.bz2
What _I_ did though was,
wget -q -O - http://www.aljex.com/bkw/sco/prngd-0.9.27.tar.bz2 |bzcat |tar
xvf -
cp prngd-0.9.27/prngd /etc/in.prngd
copied /etc/prngd and /etc/prngd.conf from a 5.0.7 box
inserted the following 4 lines marked "new>" in /etc/tcp starting at line
178
if [ "$do_remainder" = 1 ]; then
dspmsg $MF_TCPRC -s $MS_TCPRC $STARTING "Starting TCP
services: "
new> if [ -x /etc/prngd ]; then
new> /bin/su root -c '/etc/prngd restart > /dev/null
2>&1'
new> echo "prngd \c"
new> fi
if [ -x /etc/inetd ]; then
SDD=`who -a | grep -s "^sdd " | grep -v exit`
I also added "|prngd" to the ALLPROCS line near the top.
then /etc/tcp stop ; /etc/tcp start and then prngd was running
(the 5.0.7 /etc/tcp has more than that, I think it makes prngd available in
single-user as well as multi-user, and tries to gracefully handle switching
between the two. I didn't care about that.)
once prngd was running openssh worked fine.
This 5.0.6 box has
oss646b
gnutools5.0.7Kj
gwxlibs1.3.2Ag
You probably only need oss646b, but it won't hurt to install gwxlibs after
that.
gnutools you shouldn't need.
Tom Parsons
| Rob Kottler wrote:
| > Nobody can help here with the oss646b patch problem
|
| Just for the record, I have just yesterday installed JPR's openssh binaries
| on a 5.0.6 box and it's running fine.
|
| They didn't run at first because I didn't have prngd. I installed prngd from
| one I built but I had to supply my own prngd start/stop script and
| prngd.conf file which I can't supply since all I did was copy them from a
| 5.0.7 box.
Huh!
I've installed JP's packages on 5.0.6 several times in the last month
and have never had to go through those gyrations.
I seem to remember a complaint about prngd not starting on one installation
but reviewing the instructions found the solution for me.
However, none of these machines has OSS646b installed.
--
==========================================================================
Tom Parsons t...@tegan.com
==========================================================================
Jean-Pierre Radley
| Rob Kottler wrote:
| > Nobody can help here with the oss646b patch problem
|
| Just for the record, I have just yesterday installed JPR's openssh binaries
| on a 5.0.6 box and it's running fine.
|
| They didn't run at first because I didn't have prngd. I installed prngd from
| one I built but I had to supply my own prngd start/stop script and
| prngd.conf file which I can't supply since all I did was copy them from a
| 5.0.7 box.
Say what? I certainly see prngd files in my tarball...
--
JP
Brian K. White
huh? ... Ah I see...
I must have installed this file openssh3.8.1p1.tar.bz2
which has only ssh
instead of this file openssh4osr5.tar.bz2
which has both ssh and prngd
Jean-Pierre Radley
| Jean-Pierre Radley wrote:
| > Brian K. White typed (on Thu, Apr 15, 2004 at 12:19:59PM -0400):
| >> Rob Kottler wrote:
| >>> Nobody can help here with the oss646b patch problem
| >>
| >> Just for the record, I have just yesterday installed JPR's openssh
| >> binaries on a 5.0.6 box and it's running fine.
| >>
| >> They didn't run at first because I didn't have prngd. I installed
| >> prngd from one I built but I had to supply my own prngd start/stop
| >> script and prngd.conf file which I can't supply since all I did was
| >> copy them from a
| >> 5.0.7 box.
| >
| > Say what? I certainly see prngd files in my tarball...
|
| huh? ... Ah I see...
| I must have installed this file openssh3.8.1p1.tar.bz2
| which has only ssh
| instead of this file openssh4osr5.tar.bz2
| which has both ssh and prngd
That file would have been source code, not binaries,
and it's not even quite the right name.
--
JP
Brian K. White
right, like a dope I downloaded openssh4osr507.tar.bz2 and then renamed it
sometime later
The proof is I have /usr/local/fix/ssh507/README
Rob Kottler
> Nobody can help here with the oss646b patch problem
Still no answer on why the patch won't install
Brian K. White
Have you posted any error messages?
I don't have a clue what you are talking about.
Generally when custom fails to install something there is an error message
and a "more details" button that yeilds , well more details.
Post those here.
Or if you already did, then now you know why you should quote some context
if the message would be meaningless without that context. You of course have
all the necessary context in your head, so the message might not look
meaningless to you, but I don't. It doesn't help if you had previously
posted the details either. Each post basically needs to stand on it's own.
Rob Kottler
When I try to install oss646b, I encounter a problem. I have posted
this under another post because the 'prndg NOT SEEDED' topic was not
pertinent (thinks)
Brian K. White
I think the lack of further responses at this point just indicates that it's
not a common error and thus not a common problem, which means it's time t
pay someone to investigate it.
Tony Lawrences site lists a bunch of consultants in various locations, maybe
one is nearby, but this probably does not require than a dialup or telnet
access. (obviously ssh is out! :)
Then again, I googled for that message and came right up with:
http://www.aplawrence.com/Bofcusm/151.html
So, which of oss646b's prerequisites don't you have?
You did read the directions in oss646b.ltr right?
Looks like for 5.0.7 there are no specific prerequisites.
Ok back to plan A. Sick a consultant on it.
Something is definitely wrong with your box it looks like. The custom
backend doesn't die like that under any normal circumstance even if you try
to do something wrong like install a package that's not meant for your
system, it just sees the mismatch and says "no, we won't be installing
that", but doesn't crash.
custom probably left files in /tmp and /usr/tmp that can be looked at for a
starting point to track down what's really wrong.
Sometimes it's far from obvious what was wrong though. I've seen it fail
because of something unexpected in the environment and no actual custom or
database files had any errors. I've seen it lock up every time you try to
run it and be unkillable short of a reboot and thus impossible to install or
remove any packages at all because the tape drive was bad.
Rob Kottler
I also found that just before I went back to read the groups, and it
finally dawned what it meant ...
I suppose I must be contender for pain of the year award.
Got rs504C and installed that (for software manager update).
Then I installed rs504c altogether.
Then I installed oss646b and it was happy.
Then I installed JPR's openssh4os5.tar, and lo and behold ...
.
.
.netcare .>sshd start
Starting sshd
netcare .>PRNG is not seeded
.
.
now trying JPR's openssh4osr507 ... will inform for any who have
interest
Brian K. White
wait wait wait,
Did you start prngd before you tried to start sshd?
Try JP's 5.0.6 package first, since that includes prngd and you need it.
The 5.0.7 package does not include prngd because 5.0.7 not only already has
prngd but starts it up in weird way via /etc/tcp
then run
/etc/init.d/prngd enable
/etc/init.d/prngd start
check that it's really running by looking in ps. if it's not running after
issuing the start, then one of the libraries or something else is still
wrong. Either fix that or try some other version of prngd. try running the
sshd binary directly to see error messages that the start script my hide. Do
not even bother trying anything involving ssh until _some_ version of prngd
is up & running.
_then_ run
/etc/init.d/sshd enable
/etc/init.d/sshd start
also, 5.0.4?? did you mention that at some point? I wish you would have
retained the basic facts in the quoting. I thought you were using 5.0.6,
then I thought you were using 5.0.7. Such details make all the difference.
Bob Stockler
| Rob Kottler wrote:
[snip]
| > I also found that just before I went back to read the groups, and it
| > finally dawned what it meant ...
| > I suppose I must be contender for pain of the year award.
| >
| > Got rs504C and installed that (for software manager update).
| > Then I installed rs504c altogether.
| > Then I installed oss646b and it was happy.
| > Then I installed JPR's openssh4os5.tar, and lo and behold ...
| > .
| > Starting sshd
| > netcare .>PRNG is not seeded
|
| wait wait wait,
| Did you start prngd before you tried to start sshd?
|
| Try JP's 5.0.6 package first, since that includes prngd and you need it.
| The 5.0.7 package does not include prngd because 5.0.7 not only already has
| prngd but starts it up in weird way via /etc/tcp
|
| then run
| /etc/init.d/prngd enable
| /etc/init.d/prngd start
After this last command, execute:
echo $?
If it doesn't return 0 it failed. In that case see if
"/usr/local/prngd/prngd.log" holds anything of interest.
I had a problem on OSR 5.0.5 and found "Password expired"
in that file. Going into the Account Manager and changing
the password for the user "prngd" fixed it.
Bob
| check that it's really running by looking in ps. if it's not running after
| issuing the start, then one of the libraries or something else is still
| wrong. Either fix that or try some other version of prngd. try running the
| sshd binary directly to see error messages that the start script my hide. Do
| not even bother trying anything involving ssh until _some_ version of prngd
| is up & running.
|
| _then_ run
| /etc/init.d/sshd enable
| /etc/init.d/sshd start
|
| also, 5.0.4?? did you mention that at some point? I wish you would have
| retained the basic facts in the quoting. I thought you were using 5.0.6,
| then I thought you were using 5.0.7. Such details make all the difference.
--
Bob Stockler - b...@trebor.iglou.com
Author: MENU EDIT II - The BEST Creator/Editor/Manager for filePro User Menus.
Fully functional (time-limited) demos available by email request (specify OS).
Brian K. White
GRR I meant to say "try running the prngd binary directly..."
explicitly do not bother even thinking about the sshd binary before getting
prngd working.
sorry for the confusion.