- 论坛徽章:
- 0
|
OpenSSH3.8p1中文安装指引
自己来回答
Step Three: Getting Entropy
The next step in installation is to start the generation of entropy for use by openssl and openssh. This is done with the prngd program. To set this up, read the README.prngd file. Make sure you have /usr/local/sbin in your PATH first. Now go to your /var/log, /var/adm, or similar directories and look for some log files like messages, syslog, etc. Make sure you are logged in as root user and run
cat ....various log files from your /var/log or /var/adm directories... >; /usr/local/etc/prngd/prngd-seed
such as
- #cat syslog messages >; /usr/local/etc/prngd/prngd-seed
复制代码
Then run
- #mkdir /var/spool/prngd
- #/usr/local/sbin/prngd /var/spool/prngd/pool
复制代码
This should start up the prngd daemon and start generating entropy. You can check this by running
- #/usr/local/bin/egc.pl /var/spool/prngd/pool get
复制代码
which, if the egd package (see README.egd) is installed along with perl, will give a message like
- 32800 bits of entropy in pool
- indicating that the prngd is working.
复制代码
Note: Several users have pointed out that they may get a "RNG not seeded" message when trying to start sshd. This seems to be a new issue with openssl 0.9.7 versions. They point out that the OpenSSL FAQ says:
Starting with version 0.9.7, OpenSSL will automatically
look for an EGD socket at /var/run/egd-pool, /dev/egd-pool,
/etc/egd-pool and /etc/entropy.
and if they did a link like
ln -s /var/spool/prngd/pool /dev/egd-pool
or similar, the not seeded message above goes away and opnessh programs then work properly. |
|