COZLNCH giving environment variables

bennysaurus
Posts: 3
Joined: Mon Nov 14, 2011 1:48 am

COZLNCH giving environment variables

Post by bennysaurus »

Hi Dovetailers,

A problem that's popped up with a few people here previously is issues with the OpenSSH subsystem timing out creating a random number. We don't have many options with this one (a crypto card would be nice but for various reasons can't get one) but one of the things that may help is extending the PRNG timeout value via the environment variable _ZOS_SSH_PRNG_CMDS_TIMEOUT.

Any way to pass this into COZLNCH or will it get picked up by something like the user's .profile etc?

Cheers,

Ben
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: COZLNCH giving environment variables

Post by dovetail »

You can configure environment variables for the Co:Z Launcher (on the z/OS side) by using the "server-env-XXXX=" configuration option.

For example:

server-env-_ZOS_SSH_PRNG_CMDS_TIMEOUT=99999

You may want to put this in the defaults "COZCFGD" member if it is required at your installation.

As you may know, this workaround for the goofy ssh-rand-helper in IBM Ported Tools OpenSSH is not appealing. You are much better off if you could get a crypto card so that /dev/random was supported by ICSF. It would be nice if IBM would support /dev/random on z/OS without special hardware! Please submit a requirement if you agree with us.
JohnMcKown
Posts: 39
Joined: Sat Nov 21, 2009 2:59 pm

Re: COZLNCH giving environment variables

Post by JohnMcKown »

Though I agree, what do you think the chances are that IBM will actually implement a free software update to eliminate a for-pay (to IBM) hardware requirement?

What I'd like is to be able to write my own code to implement "character special" devices such as /dev/random and /dev/urandom.
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: COZLNCH giving environment variables

Post by dovetail »

I suppose that they could also be implemented as a FIFO, with a daemon job to feed them (possibly a port of Fortuna, which employs z/OS entropy sources and maybe CPACF's RNG). But I don't think that it is out of the question that IBM would do it if enough customers submitted a requirement.
Pitbul
Posts: 1
Joined: Sun Dec 28, 2014 4:42 pm

Re: COZLNCH giving environment variables

Post by Pitbul »

As you may know, this workaround for the goofy ssh-rand-helper in IBM Ported Tools OpenSSH is not appealing. You are much better off if you could get a crypto card so that /dev/random was supported by ICSF. It would be nice if IBM would support /dev/random on z/OS without special hardware! Please submit a requirement if you agree with us.
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: COZLNCH giving environment variables

Post by dovetail »

This was fixed by IBM several years ago. If you are using ICSF HCR77A0 or later, you don't need a crypto card for random number support.

See: http://dovetail.com/docs/pt-quick-inst/ ... nst-random
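
A way to confirm that a random device actually delivers bytes within a deadline, before deciding whether the PRNG timeout workaround discussed in this thread is still needed. This is an added example, not part of the original posts and not Dovetail's or IBM's code; the function name probe_random and its return codes are assumptions, and it assumes a POSIX shell with dd, wc and tr available.

```shell
#!/bin/sh
# Added example (not from the thread): probe a random device with a deadline.
# Usage: probe_random DEVICE NBYTES TIMEOUT_SECS
# Returns: 0 = NBYTES delivered in time
#          1 = device missing or not readable
#          2 = read blocked past the deadline, or returned too few bytes
probe_random() {
    dev=$1; want=$2; secs=$3
    [ -r "$dev" ] || return 1
    out="${TMPDIR:-/tmp}/probe_random.$$"

    # Read in the background so a blocking device cannot hang the caller.
    dd if="$dev" of="$out" bs=1 count="$want" 2>/dev/null &
    pid=$!

    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$secs" ]; then
            # Deadline passed: stop the reader and report a timeout.
            kill "$pid" 2>/dev/null
            wait "$pid" 2>/dev/null || :
            rm -f "$out"
            return 2
        fi
        sleep 1
        waited=$((waited + 1))
    done
    wait "$pid" 2>/dev/null || :

    # Judge success by the bytes actually written, not by dd's exit status.
    got=0
    [ -f "$out" ] && got=$(wc -c < "$out" | tr -d ' ')
    rm -f "$out"
    [ "$got" -eq "$want" ] || return 2
    return 0
}

# When run with arguments, probe the named device and exit with its status,
# e.g.: sh probe_random.sh /dev/random 16 10
[ "$#" -eq 0 ] || probe_random "$@"
```

A return code of 2 on /dev/random means reads are still blocking or coming up short on that system, which is the condition the timeout variable was working around.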