[systemd-devel] Delaying (SSH) key generation until the urandom pool is initialized
Lennart Poettering
lennart at poettering.net
Wed Apr 30 04:08:24 PDT 2014
On Tue, 29.04.14 20:43, Florian Weimer (fweimer at redhat.com) wrote:
> The message at <https://mail.gnome.org/archives/ostree-list/2014-February/msg00010.html>
> contains two boot traces from virtual machines which show that the
> SSH key is generated before the kernel pool is sufficiently seeded.
Are you saying ssh reads from /dev/urandom rather than /dev/random, but
it should be reading from the latter? What does that have to do with
systemd?
> Would it be possible using socket activation to create the listening
> socket for SSH, but block the actual service startup until the keys
> have been generated after sufficient entropy became available?
>
> What would you need on the kernel side to implement the waiting?
> (Textual comparison of a log message is only good for a prototype.)
This already exists. It's called /dev/random...
Not sure I understand what you are asking for...
Lennart
--
Lennart Poettering, Red Hat
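
Added example, not part of the original message and not code from systemd or OpenSSH: the thread asks what kernel interface could make key generation wait for a seeded pool. On Linux 3.17 and later (released after this message) getrandom(2) blocks until the pool is initialized, and with GRND_NONBLOCK it reports EAGAIN instead. The function names below are hypothetical, and the glibc wrapper in <sys/random.h> (glibc 2.25 or later) is assumed.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* Hypothetical helper: 1 if the kernel pool is initialized, 0 if not yet,
 * -1 on any other error (e.g. ENOSYS on kernels older than 3.17). */
int pool_is_seeded(void)
{
    unsigned char probe;
    if (getrandom(&probe, 1, GRND_NONBLOCK) == 1)
        return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Hypothetical helper: re-check every 100 ms for up to timeout_ms.
 * Returns 1 when seeded, 0 on timeout, -1 on error. */
int wait_for_seeded_pool(int timeout_ms)
{
    for (int waited = 0; ; waited += 100) {
        int r = pool_is_seeded();
        if (r != 0)
            return r;
        if (waited >= timeout_ms)
            return 0;
        poll(NULL, 0, 100);            /* sleep 100 ms without busy-looping */
    }
}

/* Fill buf with len bytes. With flags == 0 the call blocks until the pool
 * has been initialized, so no key material is drawn from an unseeded pool. */
int seeded_random_bytes(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;              /* interrupted while waiting: retry */
            return -1;
        }
        off += (size_t)n;              /* large requests may return short */
    }
    return 0;
}

int main(void)
{
    unsigned char seed[32];
    if (wait_for_seeded_pool(30000) != 1 || seeded_random_bytes(seed, sizeof seed) != 0)
        return 1;                      /* refuse to generate keys */
    puts("pool seeded; key generation may proceed");
    return 0;
}
```

A key-generation step that exits non-zero here can be ordered before the SSH service, so the daemon only starts once keys exist.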