[systemd-devel] Delaying (SSH) key generation until the urandom pool is initialized
Florian Weimer
fweimer at redhat.com
Tue Apr 29 11:43:38 PDT 2014
The message at
<https://mail.gnome.org/archives/ostree-list/2014-February/msg00010.html> contains
two boot traces from virtual machines which show that the SSH key is
generated before the kernel pool is sufficiently seeded.

Would it be possible using socket activation to create the listening
socket for SSH, but block the actual service startup until the keys have
been generated after sufficient entropy became available?

What would you need on the kernel side to implement the waiting?
(Textual comparison of a log message is only good for a prototype.)

--
Florian Weimer / Red Hat Product Security Team