Patch Name: PHSS_27999

Patch Description: s700_800 11.04 Virtualvault 4.6 OpenSSH "sshctl" patch

Creation Date: 02/06/10

Post Date: 02/11/06

Hardware Platforms - OS Releases:
    s700: 11.04
    s800: 11.04

Products: Virtualvault A.04.60

Filesets:
    VaultTS.VV-OPENSSH,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP
    VaultTS.VV-CORE-CMN,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical: No

Category Tags:
    defect_repair general_release

Path Name: /hp-ux_patches/s700_800/11.X/PHSS_27999

Symptoms:
    PHSS_27999:
    The Secure Shell daemon, sshd, may stop responding during
    daemon startup if the /dev/urandom device yields
    insufficient random data.

Defect Description:
    PHSS_27999:
    The pseudo random number generator (prng), ocrandom,
    generates random data for the /dev/urandom device. At start
    time, sshd requires random data and reads from /dev/urandom.
    If /dev/urandom yields insufficient random data, sshd may
    stop responding until random data is available. Generally,
    sshd is started during system startup.

    Resolution:
    A new program, sshctl, has been introduced to start sshd.
    The sshctl program implements a startup timeout mechanism.

Enhancement: No

SR: 8606265183

Patch Files:
    VaultTS.VV-OPENSSH,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP:
    /opt/vaultTS/bin/sshctl
    /usr/lib/nls/msg/C/vvts-openssh.cat
    /etc/auth/system/files.fcdb/25.patches/27999_PHSS.fcdb

    VaultTS.VV-CORE-CMN,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP:
    /sbin/init.d/sshd

what(1) Output:
    VaultTS.VV-OPENSSH,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP:
    /opt/vaultTS/bin/sshctl:
        $Source: openssh/src/util/sshctl.c, vaultTS,
            vaultTS_4.6 $ $Date: 02/10/22 01:25:02 $
            $Revision: 1.8 PATCH_11.04 (PHSS_27999) $
    /etc/auth/system/files.fcdb/25.patches/27999_PHSS.fcdb:
        99 1.1 27999_PHSS.fcdb, vaultTS, vaultTS_4.6
            10/08/02 09:03:02, PHSS_27999
    /usr/lib/nls/msg/C/vvts-openssh.cat:
        None

    VaultTS.VV-CORE-CMN,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP:
    /sbin/init.d/sshd:
        63 1.5 src/host/sbin/init.d/sshd, vaultTS,
            vaultTS_4.6 08/26/02 05:27:13, PHSS_27263,
            Hewlett-Packard Company
        63 1.5 src/host/sbin/init.d/sshd, vaultTS,
            vaultTS_4.6 08/26/02 05:27:13

cksum(1) Output:
    VaultTS.VV-OPENSSH,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP:
    73313939 28735 /opt/vaultTS/bin/sshctl
    3576899309 677 /etc/auth/system/files.fcdb/25.patches/27999_PHSS.fcdb
    2864442368 793 /usr/lib/nls/msg/C/vvts-openssh.cat

    VaultTS.VV-CORE-CMN,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP:
    3137622450 1834 /sbin/init.d/sshd

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes: None

Equivalent Patches: None

Patch Package Size: 70 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHSS_27999

    5. Run swinstall to install the patch:

        swinstall -x autoreboot=true -x patch_match_target=true \
            -s /tmp/PHSS_27999.depot

    By default swinstall will archive the original software in
    /var/adm/sw/save/PHSS_27999. If you do not wish to retain a
    copy of the original software, include the patch_save_files
    option in the swinstall command above:

        -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is
    installed, the patch cannot be deinstalled. Please be
    careful when using this feature.

    For future reference, the contents of the PHSS_27999.text
    file are available in the product readme:

        swlist -l product -a readme -d @ /tmp/PHSS_27999.depot

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHSS_27999.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    1. The patch does not change the existing mechanism for
       starting the sshd server. The server should still be
       started by root using the command:

        /sbin/init.d/sshd start

       The newly introduced sshctl program will be called by the
       /sbin/init.d/sshd startup script with a default timeout
       value of 150 seconds. If this value needs to be modified,
       edit the TIMEOUT value in the /sbin/init.d/sshd script to
       the appropriate value.

    2. As the patch stops the OpenSSH server during patch
       installation, all logins via OpenSSH will be terminated.
       Hence installation of this patch through "ssh" sessions
       is strongly discouraged. Patch installation should be
       done via a normal login session only.

    3. Upon installation and removal of this patch, the sshd
       server is automatically started. If sshd is not intended
       to run, it can be stopped using the command:

        /sbin/init.d/sshd stop
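
Added example (not part of the HP patch text): a POSIX sh check that compares the installed patch files against the values in the cksum(1) Output section. The function names and the optional ROOT prefix argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of the HP patch text.
# Manifest lines use the layout of the cksum(1) Output section:
#   <CRC> <size in bytes> <absolute path>

# Values copied from the cksum(1) Output section of PHSS_27999.
phss_27999_manifest() {
    cat <<'EOF'
73313939 28735 /opt/vaultTS/bin/sshctl
3576899309 677 /etc/auth/system/files.fcdb/25.patches/27999_PHSS.fcdb
2864442368 793 /usr/lib/nls/msg/C/vvts-openssh.cat
3137622450 1834 /sbin/init.d/sshd
EOF
}

# verify_cksum MANIFEST_FILE [ROOT]
# ROOT (assumption, for illustration) is an optional prefix so a staged
# or restored copy of the files can be checked instead of the live system.
# Returns 0 only if every listed file exists and matches CRC and size.
verify_cksum() {
    manifest=$1
    root=${2:-}
    rc=0
    while read -r want_crc want_size path; do
        # Skip blank lines and comment lines in the manifest.
        case $want_crc in ''|'#'*) continue ;; esac
        file=$root$path
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        # cksum reading stdin prints "<CRC> <size>" with no file name.
        set -- $(cksum < "$file")
        if [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $1 $2, expected $want_crc $want_size)"
            rc=1
        fi
    done < "$manifest"
    return $rc
}

# Usage on the patched host, as root:
#   phss_27999_manifest > /tmp/PHSS_27999.cksum
#   verify_cksum /tmp/PHSS_27999.cksum
```

A MISMATCH on /sbin/init.d/sshd is expected if the TIMEOUT value in that script has been edited as described in the Special Installation Instructions.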