From: Andreas Ziegler <br015@umbiko.net>
To: buildroot@busybox.net
Subject: [Buildroot] SSH server starts too late
Date: Mon, 24 Feb 2020 14:07:19 +0100
Message-ID: <07080405b2cf67605b4b9f38b40b4850@umbiko.net>
In-Reply-To: <1d91f38acaeecb790f5a44d104ae0ca1@umbiko.net>
> Message: 31
> Date: Mon, 24 Feb 2020 10:29:42 +0100
> From: Hammami Omar <omar18hammami@gmail.com>
> To: Andreas Ziegler <br015@umbiko.net>
> Cc: buildroot at busybox.net, Peter Seiderer <ps.report@gmx.net>
> Subject: Re: [Buildroot] SSH server starts too late
> Hello Andreas,
>
> Thank you for your response.
> In fact, I have tried to add extra randomness by enabling "haveged". The
> entropy has increased but the problem is the same.
> Is it possible that the entropy value is always less than the wanted
> one?
>
> Kind regards,
> Omar
Hi Omar,
The kernel entropy pool needs to be "seeded"; after that it works as
intended. Until the seeding is finished, calls to getentropy() or reads
from /dev/random block; reads from /dev/urandom work, but print warnings
in the kernel log. Thus it seems that there is always less entropy than
needed, because successful reads do not produce warning messages:
# dmesg | grep random
[ 0.070842] 000: random: get_random_u32 called from 0x8b299601 with crng_init=0
[ 9.553915] 000: random: fast init done
[ 11.522913] 000: random: dd: uninitialized urandom read (512 bytes read)
[ 14.271888] 000: random: wpa_supplicant: uninitialized urandom read (32 bytes read)
[ 14.307673] 000: random: mktemp: uninitialized urandom read (6 bytes read)
[ 23.668125] 000: random: mktemp: uninitialized urandom read (6 bytes read)
[ 23.863680] 000: random: mktemp: uninitialized urandom read (6 bytes read)
[ 24.003307] 000: random: sshd: uninitialized urandom read (32 bytes read)
[ 221.067499] 000: random: sshd: uninitialized urandom read (32 bytes read)
[ 221.092863] 000: random: sshd: uninitialized urandom read (32 bytes read)
[ 221.405090] 000: random: sshd: uninitialized urandom read (32 bytes read)
[ 327.117294] 000: random: crng init done
[ 327.117305] 000: random: 1 urandom warning(s) missed due to ratelimiting
Changes in libopenssh, starting with version 1.1.1c, try to enforce a
blocking behaviour (regardless of the device used) until the kernel pool
is ready.
Increasing entropy can be achieved by typing on the keyboard, generating
I/O from physical disks, or by using hardware devices (RNG). Another
source of randomness is the patch that was introduced by Linus Torvalds
in kernel 5.4.y:
https://lkml.org/lkml/2019/9/18/1078
Kind regards,
Andreas
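
Added example, not part of the message above or of Buildroot: a small Python parser for the "random:" kernel log lines shown in the message, reporting when the pool was seeded and which processes read /dev/urandom before that point. The function name analyse and the layout of its report are assumptions made for this example; the sample input is abridged from the dmesg output quoted above.

```python
import re
from collections import Counter

# Abridged from the dmesg output quoted in the message (wrapped lines rejoined).
SAMPLE = """\
[ 0.070842] 000: random: get_random_u32 called from 0x8b299601 with crng_init=0
[ 9.553915] 000: random: fast init done
[ 11.522913] 000: random: dd: uninitialized urandom read (512 bytes read)
[ 14.271888] 000: random: wpa_supplicant: uninitialized urandom read (32 bytes read)
[ 24.003307] 000: random: sshd: uninitialized urandom read (32 bytes read)
[ 221.067499] 000: random: sshd: uninitialized urandom read (32 bytes read)
[ 327.117294] 000: random: crng init done
[ 327.117305] 000: random: 1 urandom warning(s) missed due to ratelimiting
"""

# "[ timestamp] <optional prefix> random: <message>"
LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s.*?random: (.*)$")
EARLY = re.compile(r"^(\S+): uninitialized urandom read \((\d+) bytes read\)")
MISSED = re.compile(r"^(\d+) urandom warning\(s\) missed")


def analyse(dmesg_text):
    """Summarise CRNG seeding from 'random:' kernel log lines (one per line)."""
    report = {
        "fast_init": None,         # timestamp of "fast init done"
        "crng_ready": None,        # timestamp of "crng init done"
        "early_reads": Counter(),  # process -> reads before the pool was ready
        "early_bytes": Counter(),  # process -> bytes handed out in those reads
        "missed": 0,               # warnings dropped by ratelimiting
    }
    for raw in dmesg_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        ts, msg = float(line.group(1)), line.group(2).strip()
        if msg == "fast init done":
            report["fast_init"] = ts
        elif msg == "crng init done":
            report["crng_ready"] = ts
        elif (early := EARLY.match(msg)):
            report["early_reads"][early.group(1)] += 1
            report["early_bytes"][early.group(1)] += int(early.group(2))
        elif (missed := MISSED.match(msg)):
            report["missed"] += int(missed.group(1))
    return report


if __name__ == "__main__":
    r = analyse(SAMPLE)
    print("crng ready at", r["crng_ready"], "s")
    for proc, n in r["early_reads"].most_common():
        print(f"{proc}: {n} early read(s), {r['early_bytes'][proc]} bytes")
```

A crng_ready value of None means the log contains no "crng init done" line, i.e. the pool was still unseeded when the log was captured.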