improove entropy manuals

Jan F 2011-05-31 23:09:30 +02:00
parent 0e9135fc82
commit bc60f31447
2 changed files with 46 additions and 25 deletions


@ -89,7 +89,7 @@ diff -up openssh-5.8p2/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p2/op
diff -up openssh-5.8p2/ssh.1.entropy openssh-5.8p2/ssh.1
--- openssh-5.8p2/ssh.1.entropy 2010-11-20 05:21:03.000000000 +0100
+++ openssh-5.8p2/ssh.1 2011-05-28 21:15:27.375920967 +0200
@@ -1250,6 +1250,17 @@ For more information, see the
@@ -1250,6 +1250,20 @@ For more information, see the
.Cm PermitUserEnvironment
option in
.Xr sshd_config 5 .
@ -98,19 +98,22 @@ diff -up openssh-5.8p2/ssh.1.entropy openssh-5.8p2/ssh.1
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+is set to nonzero value
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator. Insuifficient entropy causes the blocking conection.
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
diff -up openssh-5.8p2/ssh-add.1.entropy openssh-5.8p2/ssh-add.1
--- openssh-5.8p2/ssh-add.1.entropy 2010-11-05 00:20:14.000000000 +0100
+++ openssh-5.8p2/ssh-add.1 2011-05-28 21:16:43.891859186 +0200
@@ -158,6 +158,17 @@ Identifies the path of a
@@ -158,6 +158,20 @@ Identifies the path of a
.Ux Ns -domain
socket used to communicate with the agent.
.El
@ -119,19 +122,22 @@ diff -up openssh-5.8p2/ssh-add.1.entropy openssh-5.8p2/ssh-add.1
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+is set to nonzero value
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator. Insuifficient entropy causes the blocking conection.
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
.Sh FILES
.Bl -tag -width Ds
.It Pa ~/.ssh/identity
diff -up openssh-5.8p2/ssh-agent.1.entropy openssh-5.8p2/ssh-agent.1
--- openssh-5.8p2/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100
+++ openssh-5.8p2/ssh-agent.1 2011-05-28 21:13:10.086864993 +0200
@@ -198,6 +198,20 @@ sockets used to contain the connection t
@@ -198,6 +198,23 @@ sockets used to contain the connection t
These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits.
.El
@ -143,19 +149,22 @@ diff -up openssh-5.8p2/ssh-agent.1.entropy openssh-5.8p2/ssh-agent.1
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+is set to nonzero value
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator. Insuifficient entropy causes the blocking conection.
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
diff -up openssh-5.8p2/sshd.8.entropy openssh-5.8p2/sshd.8
--- openssh-5.8p2/sshd.8.entropy 2010-11-05 00:20:14.000000000 +0100
+++ openssh-5.8p2/sshd.8 2011-05-28 21:13:10.241861760 +0200
@@ -937,6 +937,20 @@ concurrently for different ports, this c
@@ -937,6 +937,23 @@ concurrently for different ports, this c
started last).
The content of this file is not sensitive; it can be world-readable.
.El
@ -167,19 +176,22 @@ diff -up openssh-5.8p2/sshd.8.entropy openssh-5.8p2/sshd.8
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+is set to nonzero value
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator. Insuifficient entropy causes the blocking conection.
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
.Sh SEE ALSO
.Xr scp 1 ,
.Xr sftp 1 ,
diff -up openssh-5.8p2/ssh-keygen.1.entropy openssh-5.8p2/ssh-keygen.1
--- openssh-5.8p2/ssh-keygen.1.entropy 2010-11-05 00:20:14.000000000 +0100
+++ openssh-5.8p2/ssh-keygen.1 2011-05-28 21:13:10.389856432 +0200
@@ -655,6 +655,20 @@ Contains Diffie-Hellman groups used for
@@ -655,6 +655,23 @@ Contains Diffie-Hellman groups used for
The file format is described in
.Xr moduli 5 .
.El
@ -191,19 +203,22 @@ diff -up openssh-5.8p2/ssh-keygen.1.entropy openssh-5.8p2/ssh-keygen.1
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+is set to nonzero value
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator. Insuifficient entropy causes the blocking conection.
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
diff -up openssh-5.8p2/ssh-keysign.8.entropy openssh-5.8p2/ssh-keysign.8
--- openssh-5.8p2/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200
+++ openssh-5.8p2/ssh-keysign.8 2011-05-28 21:17:32.399856797 +0200
@@ -78,6 +78,20 @@ must be set-uid root if host-based authe
@@ -78,6 +78,23 @@ must be set-uid root if host-based authe
If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
.El
@ -215,12 +230,15 @@ diff -up openssh-5.8p2/ssh-keysign.8.entropy openssh-5.8p2/ssh-keysign.8
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+is set to nonzero value
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator. Insuifficient entropy causes the blocking conection.
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,


@ -74,7 +74,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.8p2
%define openssh_rel 4
%define openssh_rel 5
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 31
@ -739,6 +739,9 @@ exit 0
%endif
%changelog
* Tue May 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-5 + 0.9.2-31
- improove entropy manuals
* Fri May 27 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-4 + 0.9.2-31
- improove entropy handling
- concat ldap patches