.\" $Id: ssh-rand-helper.8,v 1.3 2007/01/22 01:44:53 djm Exp $
.\"
.\" Copyright (c) 2002 Damien Miller. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd April 14, 2002
.Dt SSH-RAND-HELPER 8
.Os
.Sh NAME
.Nm ssh-rand-helper
.Nd random number gatherer for OpenSSH
.Sh SYNOPSIS
.Nm ssh-rand-helper
.Op Fl vxXh
.Op Fl b Ar bytes
.Sh DESCRIPTION
.Nm
is a small helper program used by
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1
and
.Xr sshd 8
to gather random numbers of cryptographic quality if the
.Xr openssl 4
library has not been configured to provide them itself.
.Pp
Normally
.Nm
will generate a strong random seed and provide it to the calling
program via standard output. If standard output is a tty,
.Nm
will instead print the seed in hexadecimal format unless told otherwise.
.Pp
.Nm
will by default gather random numbers from the system commands listed
in
.Pa /etc/ssh/ssh_prng_cmds .
The output of each of the commands listed will be hashed and used to
generate a random seed for the calling program.
.Nm
will also store seed files in
.Pa ~/.ssh/prng_seed
between executions.
.Pp
Alternately,
.Nm
may be configured at build time to collect random numbers from an
EGD/PRNGd server via a Unix domain or localhost TCP socket.
.Pp
This program is not intended to be run by the end-user, so the few
command-line options are for debugging purposes only.
.Bl -tag -width Ds
.It Fl b Ar bytes
Specify the number of random bytes to include in the output.
.It Fl x
Output a hexadecimal instead of a binary seed.
.It Fl X
Force output of a binary seed, even if standard output is a tty.
.It Fl v
Turn on debugging messages. Multiple
.Fl v
options will increase the debugging level.
.It Fl h
Display a summary of options.
.El
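The gathering and output behaviour described above, sketched as an added example that is not OpenSSH's code: command output and a previously saved seed are hashed into a seed, which is emitted as binary, or as hex when standard output is a tty. SHA-256, the counter-based stretching, the 32-byte default, the sample commands and the 0600 seed-file mode are assumptions, not details of ssh-rand-helper.

```python
import hashlib
import os
import subprocess
import sys

# Constructed sample commands (assumption); the real list is read from
# /etc/ssh/ssh_prng_cmds, whose file format this page does not show.
SAMPLE_CMDS = [["date"], ["ls", "-la", "/tmp"]]

def run_cmd(argv, timeout=2.0):
    """Run one source command and return whatever it printed."""
    try:
        return subprocess.run(argv, capture_output=True, timeout=timeout).stdout
    except (OSError, subprocess.TimeoutExpired):
        return b""  # a missing or hung command contributes nothing

def gather_seed(cmds, nbytes=32, old_seed=b"", runner=run_cmd):
    """Hash the saved seed and every command's output down to nbytes."""
    pool = hashlib.sha256(old_seed)
    for argv in cmds:
        data = runner(argv)
        pool.update(len(data).to_bytes(8, "big"))  # length prefix separates outputs
        pool.update(data)
    digest, out, counter = pool.digest(), b"", 0
    while len(out) < nbytes:  # stretch the digest to the requested length
        out += hashlib.sha256(digest + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]

def save_seed(path, seed):
    """Write the seed file owner-only (assumed hardening, not from the page)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(fd, 0o600)  # tighten a file that already existed
        f.write(seed)

def format_seed(seed, is_tty, force_hex=False, force_binary=False):
    """Binary by default; hex on a tty or with -x; -X keeps binary on a tty."""
    if force_hex or (is_tty and not force_binary):
        return seed.hex().encode() + b"\n"
    return seed

if __name__ == "__main__":
    seed = gather_seed(SAMPLE_CMDS)
    sys.stdout.buffer.write(format_seed(seed, sys.stdout.isatty()))
```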
.Sh AUTHORS
Damien Miller <djm@mindrot.org>
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8