To make this work, put random_daemon someplace nice where a daemon can
live, e.g. /usr/sbin on the random number SERVER.  It can belong to
root, but should NOT be suid root as this is the darkest of evil.

Then, copy random_daemon.xinetd to /etc/xinetd.d/random_daemon.  It
shouldn't need any tweaking, I hope -- it works for me and is like
others I've built that work for me.

Then, make sure that xinetd (usually a package by itself) is installed
on your system and turned on.  On Fedora that's just:

  yum install xinetd
  chkconfig xinetd on
  /etc/init.d/xinetd start

(although there are other ways to do it).  Make sure random_daemon is
turned on:

  chkconfig random_daemon on
  /etc/init.d/xinetd restart

where the latter restart shouldn't really be needed.  You can verify
that everything is working:

  chkconfig --list

and at the bottom you should see random_daemon running (listening on
port 8885 by default, you can alter this in the xinetd config file if
you wish).

One last thing to do before it works.  In all probability, iptables is
running and will block access to all ports that aren't explicitly passed
through.  The easiest way to fix this is to run:

  system-config-firewall

and add a user-defined port at 8885.  Be sure to "apply" it when you're
done, then exit the tool.

Finally, time to test it!  Enter e.g.

  telnet localhost 8885

and you should see a message about a connection being made.  Press
enter.  You should see a few characters of garbage appear on the screen.
Press enter again.  A few more.  Again.  You get the idea.

The garbage is the shell's interpretation of raw binary.  To exit, press
Ctrl-] to get a telnet command line, enter quit.  This frees up the
port.  You MAY want to increase the number of simultaneous connections
permitted in the xinetd file if you plan to whack this with a zillion
cluster nodes all at once, or you may want them to poll the daemon until
they get a connection -- up to you.

If you want to see that the garbage really is four random bytes, you
have to make them readable: COMMENT OUT the first dd line and
UNCOMMENT the fairly complicated for loop underneath in random_daemon,
then reconnect to the daemon with telnet.  A sample session both ways is
shown below:

rgb@lilith|B:1231>!te
telnet localhost 8885
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

 Bt

a@

^]
telnet> quit
Connection closed.


Or:

rgb@lilith|B:1234>telnet localhost 8885
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

|H0|N0|3`|%P|

|I`|&0|O0|-@|

|;0|(`|,`|I`|
^]
telnet> quit
Connection closed.

The stuff between the || pairs is uuencoded binary, and (as you can
see) looks "pretty random".

On the nodes, you will need to write a script or binary that (for
example) opens a tcp connection to the master server on port 8885,
writes a CR/LF to it, reads four bytes of return, and writes them back
to e.g. /dev/random or whatever source is "sad" because of insufficient
entropy (I don't know if ssh can be made directly happy, maybe it can).
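
One way to write the node-side client described above, as an added
example that is not part of the original random_daemon package.  It
assumes the daemon is in its default raw-binary mode (four bytes per
line received); the names fetch_random and feed_pool are hypothetical.

```python
#!/usr/bin/env python3
"""Node-side client for random_daemon (added example, hypothetical names)."""
import socket
import sys

WORD = 4  # assumption: the daemon answers each line with four raw bytes


def fetch_random(host, port=8885, words=1, timeout=5.0):
    """Send one CR/LF per word and return exactly 4*words raw bytes."""
    out = bytearray()
    with socket.create_connection((host, port), timeout=timeout) as s:
        for _ in range(words):
            s.sendall(b"\r\n")
            want = len(out) + WORD
            while len(out) < want:  # TCP may hand back fewer bytes per recv
                chunk = s.recv(want - len(out))
                if not chunk:
                    raise ConnectionError("daemon closed before sending 4 bytes")
                out += chunk
    return bytes(out)


def feed_pool(data, path="/dev/random"):
    """Write the bytes to the pool device.

    A plain write mixes the data into the kernel pool but does not raise
    the kernel's entropy estimate; crediting entropy needs the root-only
    RNDADDENTROPY ioctl.
    """
    with open(path, "wb", buffering=0) as f:
        f.write(data)


if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    received = fetch_random(server, words=8)
    feed_pool(received)
    print(f"mixed {len(received)} bytes from {server} into /dev/random")
```

Pass the server's host name as the first argument.  The bytes travel
over plain TCP, so anyone on the network path can read them.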

  Good luck!  

   Robert G. Brown (rgb@phy.duke.edu)

BTW, this code is provided as is, GPL v3, open source viral and all
that.  You can hack the heck out of it, but don't blame me if it doesn't
work or is insecure and your system is taken over by gremlins and you
lose a billion dollars as a consequence.

It Isn't My Fault if you use this code, no matter what happens.
