[systemd-devel] Delaying (SSH) key generation until the urandom pool is initialized
Florian Weimer
fweimer at redhat.com
Wed Apr 30 05:10:56 PDT 2014
On 04/30/2014 01:14 PM, Daniel P. Berrange wrote:
> On Tue, Apr 29, 2014 at 08:43:38PM +0200, Florian Weimer wrote:
>> The message at <https://mail.gnome.org/archives/ostree-list/2014-February/msg00010.html>
>> contains two boot traces from virtual machines which show that the
>> SSH key is generated before the kernel pool is sufficiently seeded.
>
> I'm wondering if the VMs that ostree is creating are being given a
> virtio-rng device ? If not that would probably be a good idea to
> enable to allow them to get entropy. VMs are generally starved of
> entropy even beyond the initial boot up stage, so a virtual RNG is
> generally useful.
Interesting suggestion. I just used virt-manager to create the VM. I
don't see any trace for "rng" or "random" in the domain XML file. If it
is supported, I think it should be enabled by default.
(But I see a similar issue on bare metal.)
--
Florian Weimer / Red Hat Product Security Team
More information about the systemd-devel
mailing list