fatal: PRNG is not seeded
Posted: Thu May 19, 2005 2:30 pm
After enabling grsec on a Gentoo system and following a learning period involving multiple ssh logins, ssh now fails with the following error message:
fatal: PRNG is not seeded
The following are example subject entries generated by gradm's learning mode:
subject /usr/bin/ssh o {
/ h
/dev h
/dev/tty rw
/dev/urandom r
/etc r
/etc/ssh h
/etc/ssh/ssh_config r
/etc/grsec h
/etc/shadow h
/home h
/home/user_name_removed/.ssh
/home/user_name_removed/.ssh/id_dsa r
/home/user_name_removed/.ssh/id_dsa.pub r
/home/user_name_removed/.ssh/known_hosts ra
/usr h
/usr/bin/ssh x
/usr/lib rx
/lib rx
-CAP_ALL
bind 0.0.0.0/32:0 dgram ip
connect XXX.XXX.XXX.XXX/32:53 dgram udp
connect 127.0.0.1/32:22 stream tcp
}
subject /usr/sbin/sshd o {
/ h
/bin h
/bin/bash x
/dev h
/dev/log rw
/dev/pts/2 rw
/dev/pts/6 rw
/dev/tty rw
/etc h
/etc/security/pam_env.conf r
/home h
/home/user_name_removed
-CAP_ALL
bind disabled
connect disabled
}
If anyone has any ideas, I would greatly appreciate them. If more details are required, I will gladly post them.
Thanks in advance,
Chris