017ff1
diff --git a/entropy.c b/entropy.c
017ff1
index 2d483b3..b361a04 100644
017ff1
--- a/entropy.c
017ff1
+++ b/entropy.c
017ff1
@@ -234,6 +234,9 @@ seed_rng(void)
f09e2e
 	memset(buf, '\0', sizeof(buf));
f09e2e
 
f09e2e
 #endif /* OPENSSL_PRNG_ONLY */
f09e2e
+#ifdef __linux__
f09e2e
+	linux_seed();
f09e2e
+#endif /* __linux__ */
f09e2e
 	if (RAND_status() != 1)
f09e2e
 		fatal("PRNG is not seeded");
f09e2e
 }
017ff1
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
017ff1
index b912dbe..9206337 100644
017ff1
--- a/openbsd-compat/Makefile.in
017ff1
+++ b/openbsd-compat/Makefile.in
017ff1
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
f09e2e
 
1d31ef
 COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o
f09e2e
 
017ff1
-PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-solaris.o port-tun.o port-uw.o
017ff1
+PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
f09e2e
 
f09e2e
 .c.o:
f09e2e
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
1d31ef
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
1d31ef
--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy	2016-12-23 18:34:27.747753563 +0100
1d31ef
+++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 18:34:27.769753570 +0100
1d31ef
@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
1d31ef
 void oom_adjust_setup(void);
1d31ef
 #endif
1d31ef
 
1d31ef
+void linux_seed(void);
1d31ef
+
1d31ef
 #endif /* ! _PORT_LINUX_H */
017ff1
diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
017ff1
new file mode 100644
017ff1
index 0000000..92a617c
017ff1
--- /dev/null
017ff1
+++ b/openbsd-compat/port-linux-prng.c
f09e2e
@@ -0,0 +1,59 @@
f09e2e
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
f09e2e
+
f09e2e
+/*
f09e2e
+ * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
f09e2e
+ *
f09e2e
+ * Permission to use, copy, modify, and distribute this software for any
f09e2e
+ * purpose with or without fee is hereby granted, provided that the above
f09e2e
+ * copyright notice and this permission notice appear in all copies.
f09e2e
+ *
f09e2e
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
f09e2e
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
f09e2e
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
f09e2e
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
f09e2e
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
f09e2e
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
f09e2e
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
f09e2e
+ */
f09e2e
+
f09e2e
+/*
f09e2e
+ * Linux-specific portability code - prng support
f09e2e
+ */
f09e2e
+
f09e2e
+#include "includes.h"
f09e2e
+
f09e2e
+#include <errno.h>
f09e2e
+#include <stdarg.h>
f09e2e
+#include <string.h>
f09e2e
+#include <stdio.h>
f09e2e
+#include <openssl/rand.h>
f09e2e
+
f09e2e
+#include "log.h"
f09e2e
+#include "xmalloc.h"
1d31ef
+#include "misc.h"      /* servconf.h needs misc.h for struct ForwardOptions */
f09e2e
+#include "servconf.h"
f09e2e
+#include "port-linux.h"
f09e2e
+#include "key.h"
f09e2e
+#include "hostfile.h"
f09e2e
+#include "auth.h"
f09e2e
+
f09e2e
+void
f09e2e
+linux_seed(void)
f09e2e
+{
f09e2e
+	char *env = getenv("SSH_USE_STRONG_RNG");
f09e2e
+	char *random = "/dev/random";
1d31ef
+	size_t len, ienv, randlen = 14;
f09e2e
+
f09e2e
+	if (!env || !strcmp(env, "0"))
f09e2e
+		random = "/dev/urandom";
f09e2e
+	else if ((ienv = atoi(env)) > randlen)
f09e2e
+		randlen = ienv;
f09e2e
+
f09e2e
+	errno = 0;
f09e2e
+	if ((len = RAND_load_file(random, randlen)) != randlen) {
f09e2e
+		if (errno)
f09e2e
+			fatal ("cannot read from %s, %s", random, strerror(errno));
f09e2e
+		else
f09e2e
+			fatal ("EOF reading %s", random);
f09e2e
+	}
f09e2e
+}
017ff1
diff --git a/ssh-add.0 b/ssh-add.0
017ff1
index ba43fee..0b2629a 100644
017ff1
--- a/ssh-add.0
017ff1
+++ b/ssh-add.0
f09e2e
@@ -82,6 +82,16 @@ ENVIRONMENT
f09e2e
              Identifies the path of a UNIX-domain socket used to communicate
f09e2e
              with the agent.
f09e2e
 
f09e2e
+     SSH_USE_STRONG_RNG
f09e2e
+             The reseeding of the OpenSSL random generator is usually done
f09e2e
+             from /dev/urandom.  If the SSH_USE_STRONG_RNG environment vari-
f09e2e
+             able is set to value other than 0 the OpenSSL random generator is
f09e2e
+             reseeded from /dev/random.  The number of bytes read is defined
f09e2e
+             by the SSH_USE_STRONG_RNG value.  Minimum is 14 bytes.  This set-
f09e2e
+             ting is not recommended on the computers without the hardware
f09e2e
+             random generator because insufficient entropy causes the connec-
f09e2e
+             tion to be blocked until enough entropy is available.
f09e2e
+
f09e2e
 FILES
f09e2e
      ~/.ssh/identity
f09e2e
              Contains the protocol version 1 RSA authentication identity of
017ff1
diff --git a/ssh-add.1 b/ssh-add.1
017ff1
index 4812448..16305bf 100644
017ff1
--- a/ssh-add.1
017ff1
+++ b/ssh-add.1
017ff1
@@ -161,6 +161,20 @@ to make this work.)
f09e2e
 Identifies the path of a
f09e2e
 .Ux Ns -domain
f09e2e
 socket used to communicate with the agent.
f09e2e
+.It Ev SSH_USE_STRONG_RNG
f09e2e
+The reseeding of the OpenSSL random generator is usually done from
f09e2e
+.Cm /dev/urandom .
f09e2e
+If the 
f09e2e
+.Cm SSH_USE_STRONG_RNG
f09e2e
+environment variable is set to value other than
f09e2e
+.Cm 0
f09e2e
+the OpenSSL random generator is reseeded from
f09e2e
+.Cm /dev/random .
f09e2e
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
f09e2e
+Minimum is 14 bytes.
f09e2e
+This setting is not recommended on the computers without the hardware
f09e2e
+random generator because insufficient entropy causes the connection to 
f09e2e
+be blocked until enough entropy is available.
f09e2e
 .El
f09e2e
 .Sh FILES
f09e2e
 .Bl -tag -width Ds
017ff1
diff --git a/ssh-agent.1 b/ssh-agent.1
017ff1
index 281ecbd..1a9a635 100644
017ff1
--- a/ssh-agent.1
017ff1
+++ b/ssh-agent.1
017ff1
@@ -201,6 +201,24 @@ sockets used to contain the connection to the authentication agent.
f09e2e
 These sockets should only be readable by the owner.
f09e2e
 The sockets should get automatically removed when the agent exits.
f09e2e
 .El
f09e2e
+.Sh ENVIRONMENT
f09e2e
+.Bl -tag -width Ds -compact
f09e2e
+.Pp
f09e2e
+.It Pa SSH_USE_STRONG_RNG
f09e2e
+The reseeding of the OpenSSL random generator is usually done from
f09e2e
+.Cm /dev/urandom .
f09e2e
+If the 
f09e2e
+.Cm SSH_USE_STRONG_RNG
f09e2e
+environment variable is set to value other than
f09e2e
+.Cm 0
f09e2e
+the OpenSSL random generator is reseeded from
f09e2e
+.Cm /dev/random .
f09e2e
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
f09e2e
+Minimum is 14 bytes.
f09e2e
+This setting is not recommended on the computers without the hardware
f09e2e
+random generator because insufficient entropy causes the connection to 
f09e2e
+be blocked until enough entropy is available.
f09e2e
+.El
f09e2e
 .Sh SEE ALSO
f09e2e
 .Xr ssh 1 ,
f09e2e
 .Xr ssh-add 1 ,
017ff1
diff --git a/ssh-keygen.1 b/ssh-keygen.1
017ff1
index 12e00d4..1b51a4a 100644
017ff1
--- a/ssh-keygen.1
017ff1
+++ b/ssh-keygen.1
017ff1
@@ -832,6 +832,24 @@ Contains Diffie-Hellman groups used for DH-GEX.
017ff1
 The file format is described in
017ff1
 .Xr moduli 5 .
f09e2e
 .El
f09e2e
+.Sh ENVIRONMENT
f09e2e
+.Bl -tag -width Ds -compact
f09e2e
+.Pp
f09e2e
+.It Pa SSH_USE_STRONG_RNG
f09e2e
+The reseeding of the OpenSSL random generator is usually done from
f09e2e
+.Cm /dev/urandom .
f09e2e
+If the 
f09e2e
+.Cm SSH_USE_STRONG_RNG
f09e2e
+environment variable is set to value other than
f09e2e
+.Cm 0
f09e2e
+the OpenSSL random generator is reseeded from
f09e2e
+.Cm /dev/random .
f09e2e
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
f09e2e
+Minimum is 14 bytes.
f09e2e
+This setting is not recommended on the computers without the hardware
f09e2e
+random generator because insufficient entropy causes the connection to 
f09e2e
+be blocked until enough entropy is available.
f09e2e
+.El
f09e2e
 .Sh SEE ALSO
017ff1
 .Xr ssh 1 ,
017ff1
 .Xr ssh-add 1 ,
017ff1
diff --git a/ssh-keysign.8 b/ssh-keysign.8
017ff1
index 69d0829..02d79f8 100644
017ff1
--- a/ssh-keysign.8
017ff1
+++ b/ssh-keysign.8
017ff1
@@ -80,6 +80,24 @@ must be set-uid root if host-based authentication is used.
017ff1
 If these files exist they are assumed to contain public certificate
017ff1
 information corresponding with the private keys above.
f09e2e
 .El
f09e2e
+.Sh ENVIRONMENT
f09e2e
+.Bl -tag -width Ds -compact
f09e2e
+.Pp
f09e2e
+.It Pa SSH_USE_STRONG_RNG
f09e2e
+The reseeding of the OpenSSL random generator is usually done from
f09e2e
+.Cm /dev/urandom .
f09e2e
+If the 
f09e2e
+.Cm SSH_USE_STRONG_RNG
f09e2e
+environment variable is set to value other than
f09e2e
+.Cm 0
f09e2e
+the OpenSSL random generator is reseeded from
f09e2e
+.Cm /dev/random .
f09e2e
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
f09e2e
+Minimum is 14 bytes.
f09e2e
+This setting is not recommended on the computers without the hardware
f09e2e
+random generator because insufficient entropy causes the connection to 
f09e2e
+be blocked until enough entropy is available.
f09e2e
+.El
f09e2e
 .Sh SEE ALSO
f09e2e
 .Xr ssh 1 ,
017ff1
 .Xr ssh-keygen 1 ,
017ff1
diff --git a/ssh.1 b/ssh.1
017ff1
index 929904b..f65e42f 100644
017ff1
--- a/ssh.1
017ff1
+++ b/ssh.1
017ff1
@@ -1309,6 +1309,23 @@ For more information, see the
017ff1
 .Cm PermitUserEnvironment
017ff1
 option in
017ff1
 .Xr sshd_config 5 .
f09e2e
+.Sh ENVIRONMENT
f09e2e
+.Bl -tag -width Ds -compact
017ff1
+.It Ev SSH_USE_STRONG_RNG
f09e2e
+The reseeding of the OpenSSL random generator is usually done from
f09e2e
+.Cm /dev/urandom .
f09e2e
+If the 
f09e2e
+.Cm SSH_USE_STRONG_RNG
f09e2e
+environment variable is set to value other than
f09e2e
+.Cm 0
f09e2e
+the OpenSSL random generator is reseeded from
f09e2e
+.Cm /dev/random .
f09e2e
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
f09e2e
+Minimum is 14 bytes.
f09e2e
+This setting is not recommended on the computers without the hardware
f09e2e
+random generator because insufficient entropy causes the connection to 
f09e2e
+be blocked until enough entropy is available.
f09e2e
+.El
017ff1
 .Sh FILES
017ff1
 .Bl -tag -width Ds -compact
017ff1
 .It Pa ~/.rhosts
017ff1
diff --git a/sshd.8 b/sshd.8
017ff1
index c2c237f..058d37a 100644
017ff1
--- a/sshd.8
017ff1
+++ b/sshd.8
017ff1
@@ -951,6 +951,24 @@ concurrently for different ports, this contains the process ID of the one
017ff1
 started last).
017ff1
 The content of this file is not sensitive; it can be world-readable.
017ff1
 .El
f09e2e
+.Sh ENVIRONMENT
f09e2e
+.Bl -tag -width Ds -compact
017ff1
+.Pp
017ff1
+.It Pa SSH_USE_STRONG_RNG
f09e2e
+The reseeding of the OpenSSL random generator is usually done from
f09e2e
+.Cm /dev/urandom .
f09e2e
+If the 
f09e2e
+.Cm SSH_USE_STRONG_RNG
f09e2e
+environment variable is set to value other than
f09e2e
+.Cm 0
f09e2e
+the OpenSSL random generator is reseeded from
f09e2e
+.Cm /dev/random .
f09e2e
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
f09e2e
+Minimum is 14 bytes.
f09e2e
+This setting is not recommended on the computers without the hardware
f09e2e
+random generator because insufficient entropy causes the connection to 
f09e2e
+be blocked until enough entropy is available.
f09e2e
+.El
017ff1
 .Sh IPV6
017ff1
 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
017ff1
 .Sh SEE ALSO