SUMMARY: /dev/random not behaving on a solaris 8 machine

From: Christopher L. Barnard <cbar44_at_tsg.cbot.com>
Date: Tue Jul 30 2002 - 11:14:07 EDT
I asked:

> This happened to two of my Solaris 8 boxes over the weekend, and I do not
> know why.
> 
> Last week, I installed patch 111238 and removed ANDIrand.  I did the
> rem_drv random
> add_drv random
> and the random device /dev/random exists.  Ssh (OpenSsh 3.4p1) works fine.
> I am able to connect to the box and connect to other hosts from this box
> using ssh and scp, and had no problem.  This was last week.
> 
> This morning, I checked jobs that ran automatically over the weekend, and one
> failed.  A job tried to scp to another host and ssh responded back
> PRNG is not seeded
> I checked and the /dev/random device *does* exist
> (~) cmstst 54 % ls -lFa /dev/random
> lrwxrwxrwx   1 root     other         33 Jul 23 14:42 /dev/random -> ../devices/pseudo/random@0:random
> (~) cmstst 55 % ls -lFa /devices/pseudo/random@0:random
> crw-------   1 root     sys      195,  0 Jul 29 10:51 /devices/pseudo/random@0:random
> 
> I backed out patch 111238 and reinstalled it, and after the install I did 
> two additional steps as well:
> rem_drv random
> add_drv random
> modload /kernel/drv/random
> dd if=/dev/mem bs=512 count=16 2>&- | crypt $RANDOM > /dev/random
> 
> The /dev/random device exists, but I still get the "PRNG is not seeded"
> error. Any ideas what else to check?
> 
> TIA

The answer:

permissions.

/devices/pseudo/random@0:random and urandom were only readable by root, for
some odd reason.  adding read permission to group and to world fixed the
problem.

by the way, to let several people know who said you must do a reboot:  no
you do not.  (want to start me ranting and raving?  ask me what I think of
winblows) The "rem_drv random" removes any existing random number kernel
module (like ANDIrand or PRNGD or whatever) and "add_drv random" will enable
112438.  There will still be a /reconfigure file for the next reboot, but
that will not hurt anything.  Several people have said that the modload and
dd command are also needed, but I have not needed to do those.

oh, and yes I mistyped the patch number above.  The  solaris 8 /dev/random
patch is 112438.  I am applying too many patches at once, I think... ;^)

Thanks to:

keith@smith.net
David Foster <foster@dim.ucsd.edu>
Graham Wood <rauxon@dragonhold.org>
Robert Brockway <robert@timetraveller.org>
"Beavers, Reginald" <RBeavers@seisint.com>
Christian Iseli <chris@ludwig-sun1.unil.ch>
"Heilke, Rainer" <Rainer.Heilke@atcoitek.com>
Dela Rosa Jaime <Jaime.DelaRosa@siemens.com.au>

+-----------------------------------------------------------------------+
| Christopher L. Barnard         O     When I was a boy I was told that |
| cbarnard@tsg.cbot.com         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Jul 30 11:18:50 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:50 EST