author Mikko Rapeli <mikko.rapeli@bmw.de> 2019-05-09 10:22:44 +0300
committer Richard Purdie <richard.purdie@linuxfoundation.org> 2019-06-07 13:57:48 +0100
commit 4b393a21ffcf9fe00577b4a46c38b5db89b39e9d (patch)
tree b915306f5b145c9f911de745a49a4289f3692ec6 /meta/recipes-connectivity
parent 42600d4949dba66beba3dcf2119aba51dac67357 (diff)
openssh: recommend rng-tools with sshd
Since openssl 1.1.1 and openssh which uses it, sshd startup is delayed. The delays range from a few seconds to minutes and even to hours. The delays are visible in host keys generation and when sshd process is started in response to incoming TCP connection but is failing to provide SSH version string and clients or tests time out.

In all cases traces show that sshd is waiting for getentropy() system call to return from Linux kernel, which returns only after kernel side random number pool is initialized. The pool is initialized via various entropy sources which may be missing on embedded development boards or via rngd from rng-tools package from userspace. HW random number generation and kernel support help but rngd is still needed to feed that data back to the Linux kernel.

Example from an NXP imx8 board shows that kernel random number pool initialization can take over 400 seconds without rngd, and with rngd it is initialized at around 4 seconds after boot. The completion of initialization is visible in kernel dmesg with line "random: crng init done".

More details are available from:

* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33
* http://www.man7.org/linux/man-pages/man2/getrandom.2.html

(From OE-Core rev: 24d9e370e88a775486f9d6569bf1ba9c3b9e3b8a)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Cc: Mark Hatle <mark.hatle@windriver.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Cc: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
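Added example, not part of this commit or of OpenSSH: a probe that reports whether the kernel random pool is initialized without blocking the way sshd does, using getrandom(2) with GRND_NONBLOCK as documented on the man page linked above. The function and enum names are hypothetical, and Linux with glibc 2.25 or later is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>
#include <time.h>

enum crng_state { CRNG_READY, CRNG_NOT_READY, CRNG_UNKNOWN };

/* Map a getrandom(2) result to a pool state. With GRND_NONBLOCK the call
 * fails with EAGAIN while the pool is still uninitialized. */
enum crng_state classify_getrandom(ssize_t ret, int err)
{
    if (ret >= 0)
        return CRNG_READY;
    return err == EAGAIN ? CRNG_NOT_READY : CRNG_UNKNOWN;
}

/* One non-blocking probe that requests a single byte. */
enum crng_state probe_crng(void)
{
    unsigned char b;
    ssize_t ret = getrandom(&b, sizeof b, GRND_NONBLOCK);
    return classify_getrandom(ret, errno);
}

/* Poll once per second until the pool is ready or timeout_s elapses.
 * Returns the seconds waited, or -1 on timeout or probe error. */
int wait_for_crng(int timeout_s)
{
    struct timespec one_sec = { 1, 0 };
    for (int waited = 0; waited <= timeout_s; waited++) {
        enum crng_state s = probe_crng();
        if (s == CRNG_READY)
            return waited;
        if (s == CRNG_UNKNOWN)
            return -1;
        if (waited < timeout_s)
            nanosleep(&one_sec, NULL);
    }
    return -1;
}

int main(void)
{
    int waited = wait_for_crng(600); /* 600 s limit is an arbitrary choice */
    if (waited < 0) {
        fprintf(stderr, "crng not ready (timeout or getrandom error)\n");
        return 1;
    }
    printf("crng ready after waiting %d s\n", waited);
    return 0;
}
```

Run early in boot on a target image, this makes the delay visible as a logged number instead of an sshd that accepts the TCP connection and then stays silent.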
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- meta/recipes-connectivity/openssh/openssh_7.9p1.bb 1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
index b971b2b1e8..976bcc53a1 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
@@ -148,6 +148,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
148 148
149RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" 149RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
150RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" 150RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
151RRECOMMENDS_${PN}-sshd += "rng-tools"
151RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed" 152RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed"
152 153
153RPROVIDES_${PN}-ssh = "ssh" 154RPROVIDES_${PN}-ssh = "ssh"
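Review bot: the added `RRECOMMENDS_${PN}-sshd += "rng-tools"` line has no comment in the recipe, so the reason for it (sshd blocking until the kernel random pool is initialized) is recorded only in the commit message; a one-line comment above it would keep a later cleanup from dropping it. Because this is an RRECOMMENDS entry rather than an addition to the `RDEPENDS_${PN}-sshd` line just above, images built with recommendations disabled or with rng-tools excluded still ship sshd without rngd, and the comment is a good place to say so, since the slow-start symptom would then reappear with nothing in the recipe to explain it.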