I'm trying to compile openssh with openssl 3.1 on a linux machine with kernel 4.15.10. I seem to get stuck at: configure: error: OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options I haven't done anything special in configuring openssl. If I have read the configuration for openssl correctly, with will default to the 'os' source, which I think then is getrandom(2). I think the check in openssh for this is a call to RAND_status(), which is apparently returning a failure. I can't compile without openssl, because I need to allow RSA keys. Any work arounds? Ideas follow. Compile openssh with /dev/urandom as the prngd-socket? Edit the configure script to force a success where RAND_status() is called? Call whatever openssl needs to initialize the random seed somewhere early in openssh startup? It may already do this, I see calls to RAND_seed() in sshd.c. More generally, would it make sense (on linux at least) to use getrandom() if available, or /dev/urandom otherwise regardless of whether or not openssl is used? -- nw _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
