I just put OpenSSH (from thewrittenword depot, er, depository) onto our
aging 745i workstation running 10.20. It seems to have set everything
up properly, including PRNGd, so I rebooted the machine. It's now been
sitting there at the "Start OpenSSH daemon" stage of startup for about
15 minutes now. Is this normal, at first I thought it must be taking
it's time generating the keys, now I'm not so sure. I'm not hugely
experienced with system administration, I just use it to run
instrumentation and need ssh to get files on and off the system. Any
help, advice would be greatly appreciated.

Stewart

Stewart Smith wrote:
> I just put OpenSSH (from thewrittenword depot, er, depository) onto our
> aging 745i workstation running 10.20. It seems to have set everything
> up properly, including PRNGd, so I rebooted the machine. It's now been
> sitting there at the "Start OpenSSH daemon" stage of startup for about
> 15 minutes now. Is this normal, at first I thought it must be taking
> it's time generating the keys, now I'm not so sure. I'm not hugely
> experienced with system administration, I just use it to run
> instrumentation and need ssh to get files on and off the system. Any
> help, advice would be greatly appreciated.
>

Never mind, it must have just been generating keys, it's working now.

Stewart

Stewart Smith <nospam@ee.ed.ac.uk> writes:

> I just put OpenSSH (from thewrittenword depot, er, depository) onto our aging
> 745i workstation running 10.20. It seems to have set everything up properly,
> including PRNGd, so I rebooted the machine. It's now been sitting there at
> the "Start OpenSSH daemon" stage of startup for about 15 minutes now. Is this
> normal, at first I thought it must be taking it's time generating the keys,
> now I'm not so sure. I'm not hugely experienced with system administration, I
> just use it to run instrumentation and need ssh to get files on and off the
> system. Any help, advice would be greatly appreciated.

Maybe check the random number generation process.


>
> Stewart

Ulrich Windl wrote:
> Stewart Smith <nospam@ee.ed.ac.uk> writes:
>
>> I just put OpenSSH (from thewrittenword depot, er, depository) onto our aging
>> 745i workstation running 10.20. It seems to have set everything up properly,
>> including PRNGd, so I rebooted the machine. It's now been sitting there at
>> the "Start OpenSSH daemon" stage of startup for about 15 minutes now. Is this
>> normal, at first I thought it must be taking it's time generating the keys,
>> now I'm not so sure. I'm not hugely experienced with system administration, I
>> just use it to run instrumentation and need ssh to get files on and off the
>> system. Any help, advice would be greatly appreciated.
>
> Maybe check the random number generation process.
>

Well the way the depots set up the start up processes PRNGd was set to
start before sshd and did so successfully. I accidentaly stopped the
start up the first time round and rebooted. I left the machine to it
for a few hours and when I came back it was at the login screen. ssh
and the associated protocols seem to be working fine for remote access
now so it's not a problem. I think the etc/init.d/sshd file checks to
see if there are keys before trying to generate them so it should be
faster next time I have to take the machine down. Now I've just got to
deal with the damn security model in our school which means jumping
through hoops to access it remotely. This was set up thanks to
incorporating a load of insecure PCs into a network that was mainly *nix
before.

Stewart

Stewart Smith <nospam@ee.ed.ac.uk> writes:

[...]
> seem to be working fine for remote access now so it's not a problem. I think
> the etc/init.d/sshd file checks to see if there are keys before trying to
> generate them so it should be faster next time I have to take the machine
> down. Now I've just got to deal with the damn security model in our school

Please be aware that sshd needs randomness now and then, e.g. for creating
session keys. If your SSH takes more than three seconds to establish a new
connection, you may have a problem with your source of randomness.

> which means jumping through hoops to access it remotely. This was set up
> thanks to incorporating a load of insecure PCs into a network that was mainly
> *nix before.
>
> Stewart

Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
> Stewart Smith <nospam@ee.ed.ac.uk> writes:

> [...]
> > seem to be working fine for remote access now so it's not a problem. I think
> > the etc/init.d/sshd file checks to see if there are keys before trying to
> > generate them so it should be faster next time I have to take the machine
> > down. Now I've just got to deal with the damn security model in our school

> Please be aware that sshd needs randomness now and then, e.g. for
> creating session keys. If your SSH takes more than three seconds to
> establish a new connection, you may have a problem with your source
> of randomness.

Indeed, although I think may is the operative word. 10.20 implies old
PA hardware. Old PA hardware was not always "zippy" on crypto,
regardless of randomness.

rick jones
--
Wisdom Teeth are impacted, people are affected by the effects of events.
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

Rick Jones wrote:
> Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
>> Stewart Smith <nospam@ee.ed.ac.uk> writes:
>
>> [...]
>>> seem to be working fine for remote access now so it's not a problem. I think
>>> the etc/init.d/sshd file checks to see if there are keys before trying to
>>> generate them so it should be faster next time I have to take the machine
>>> down. Now I've just got to deal with the damn security model in our school
>
>> Please be aware that sshd needs randomness now and then, e.g. for
>> creating session keys. If your SSH takes more than three seconds to
>> establish a new connection, you may have a problem with your source
>> of randomness.
>
> Indeed, although I think may is the operative word. 10.20 implies old
> PA hardware. Old PA hardware was not always "zippy" on crypto,
> regardless of randomness.
>

Yes, it's a 745i workstation. If there is a problem with randomness
will it show up in logs from PRNGd?

Stewart