HP3000-L Archives

January 2014, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Johnson, Tracy" <[log in to unmask]>
Reply To: Johnson, Tracy
Date: Thu, 23 Jan 2014 20:23:18 +0000

Asimov's solution to entropy:

"Let there be light."

Tracy Johnson
Office (757) 766-4318
[log in to unmask]

> -----Original Message-----
> From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On Behalf Of [log in to unmask]
> Sent: Thursday, January 23, 2014 3:06 PM
> To: [log in to unmask]
> Subject: Re: [HP3000-L] sshd going down.
>
> Olav,
>
> If I had to guess - the problem is most likely to be a shortage of 'entropy'.
>
> IIRC MPE/iX and HP-UX are alike in that they don't have a 'kernel entropy/random data source' - as Linux and some other Un*x's do.
>
> Under MPE/iX we have 'EGD' (the Entropy Gathering Daemon) to generate the 'random' data that ssh/sshd/sftp/scp needs to work properly.  Making the initial connection requires the most amount - and can easily 'drain' the entropy source.  Lots of connections means lots of random data needed.  No random data=no encryption - so 'ssh' based things nearly always 'stop'.  I suspect that the HP-UX port uses EGD as well. (ssh's second biggest use of random data is to pad out transmission blocks that aren't full).
>
> Check your entropy source - and make sure it's producing sufficient quantity of 'random' data.
>
> The 'EGD' used w/the MPE/iX port of OpenSSH is written in Perl and can be customized to specify more sources, if necessary.  Each system's usage/access profiles will help determine what things can be 'harvested' for this data.  Ideally, it should be 'non-determinant' data (stuff you can't predict or influence), in order to keep the data sufficiently random.
>
> If your 'UX' system's entropy source isn't producing enough - there are several alternatives that produce more 'random' data than EGD does, with the trade-off of it not being quite as 'random'.  Let me know if you need pointers to these alternatives.
>
> If that's not it - check the nohup.out for the sshd or pipe the output into a log-file, looking for more clues.  If necessary, you can specify either '-v' options to get trace data.  Is this a 'one off' event, or a recurring problem?  What kind of activity is occurring during the failures?
>
> If you don't want to post potentially sensitive debugging data - feel free to contact me off-list.
>
> Thx,
>
> -Brian Edminster
> Applied Technologies, Inc
>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
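
The advice in the quoted reply to check the entropy source can be scripted against EGD's socket protocol. This is an added example, not part of the original messages or of the MPE/iX OpenSSH port; it assumes the commonly documented EGD commands (0x00 returns the pool level as a 4-byte big-endian bit count, 0x01 is a non-blocking read), and `check_pool`, `fake_egd`, `demo` and the 256-bit threshold are constructed for illustration.

```python
import socket, struct, threading

GET_LEVEL, READ_NONBLOCK = 0x00, 0x01   # EGD command bytes (assumed protocol)

def recv_exact(sock, n):
    """Read exactly n bytes, or raise if the daemon hangs up mid-reply."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD closed the connection mid-reply")
        buf += chunk
    return buf

def entropy_bits(sock):
    """Command 0x00: reply is a 4-byte big-endian count of pooled bits."""
    sock.sendall(bytes([GET_LEVEL]))
    return struct.unpack(">I", recv_exact(sock, 4))[0]

def read_nonblocking(sock, want):
    """Command 0x01: ask for `want` bytes (1..255); the daemon may return fewer."""
    sock.sendall(bytes([READ_NONBLOCK, want]))
    got = recv_exact(sock, 1)[0]
    return recv_exact(sock, got)

def check_pool(sock, want=32, min_bits=256):
    """Report the pool level and whether a `want`-byte request came up short."""
    bits = entropy_bits(sock)
    data = read_nonblocking(sock, want)
    return {"bits": bits, "returned": len(data),
            "starved": bits < min_bits or len(data) < want}

def fake_egd(sock, pool):
    """Constructed stand-in daemon holding `pool` bytes, so this runs offline."""
    while True:
        cmd = sock.recv(1)
        if not cmd:
            return
        if cmd[0] == GET_LEVEL:
            sock.sendall(struct.pack(">I", len(pool) * 8))
        elif cmd[0] == READ_NONBLOCK:
            n = recv_exact(sock, 1)[0]
            out, pool = pool[:n], pool[n:]
            sock.sendall(bytes([len(out)]) + out)

def demo(pool_bytes):
    """Run check_pool against the stand-in daemon over a socketpair."""
    client, server = socket.socketpair()
    threading.Thread(target=fake_egd, args=(server, bytes(pool_bytes)),
                     daemon=True).start()
    try:
        return check_pool(client)
    finally:
        client.close()

if __name__ == "__main__":
    print(demo(64), demo(8))   # healthy pool, then a drained one
```

Against a real daemon, pass `check_pool` a connected `AF_UNIX` socket for the path the local EGD was started with; a short read or a low bit count while sshd is failing points at the drained pool the reply describes.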




