Ronald B. Miller wrote:
> I recently installed OpenSSH 3.9p1 on an AIX 5.1 system. Since then we have
> noticed that ssh_rand_helper has started netstat commands (from
> ssh_prng_cmds) that don't finish quickly and cause the CPU to jump to almost
> no idle for extended lengths of time - usually about 20 minutes or so.


Which variants of the netstat command are causing the problem? You can
run ssh-rand-helper -vvv on its own and watch its progress.

If there are processes hanging around after ssh-rand-helper times them
out it means they're ignoring a SIGINT, so either it's being
deliberately caught or (more likely) the command is stuck in a syscall.

> I have commented out the netstat commands in the ...cmds file and wonder if
> anyone has either a warning about doing that or a better resolution to my
> problem. Thanks in advance.


The best long-term solution is to use prngd instead of the built-in
entropy gatherer.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.