[Buildroot] SSH server starts too late

Andreas Ziegler br015 at umbiko.net
Mon Feb 24 13:07:19 UTC 2020 

> Message: 31
> Date: Mon, 24 Feb 2020 10:29:42 +0100
> From: Hammami Omar <omar18hammami at gmail.com>
> To: Andreas Ziegler <br015 at umbiko.net>
> Cc: buildroot at busybox.net, Peter Seiderer <ps.report at gmx.net>
> Subject: Re: [Buildroot] SSH server starts too late

> Hello Andreas,
> 
> Thank you for your response.
> In fact, I have tried to add extra randomnes by enabling "haveged". The
> entropy has increased but the problem is the same.
> Is it possible that the entropy value is always less than the wanted 
> one ?
> 
> Kind regards,
> Omar

Hi Omar,

The kernel entropy pool needs to be "seeded"; after that it works as 
intended. Until the seeding is finished, calls to getentropy() or reads 
from /dev/random block; reads from /dev/urandom work, but print warnings 
in the kernel log. Thus it seems that there is always less entropy than 
needed, because successful reads do not produce warning messages:

# dmesg | grep random
[    0.070842] 000: random: get_random_u32 called from 0x8b299601 with 
crng_init=0
[    9.553915] 000: random: fast init done
[   11.522913] 000: random: dd: uninitialized urandom read (512 bytes 
read)
[   14.271888] 000: random: wpa_supplicant: uninitialized urandom read 
(32 bytes read)
[   14.307673] 000: random: mktemp: uninitialized urandom read (6 bytes 
read)
[   23.668125] 000: random: mktemp: uninitialized urandom read (6 bytes 
read)
[   23.863680] 000: random: mktemp: uninitialized urandom read (6 bytes 
read)
[   24.003307] 000: random: sshd: uninitialized urandom read (32 bytes 
read)
[  221.067499] 000: random: sshd: uninitialized urandom read (32 bytes 
read)
[  221.092863] 000: random: sshd: uninitialized urandom read (32 bytes 
read)
[  221.405090] 000: random: sshd: uninitialized urandom read (32 bytes 
read)
[  327.117294] 000: random: crng init done
[  327.117305] 000: random: 1 urandom warning(s) missed due to 
ratelimiting

Changes in libopenssh, starting with version 1.1.1c, try to enforce a 
blocking behaviour (regardless of the device used) until the kernel pool 
is ready.

Increasing entropy can be achieved by typing on the keyboard, generating 
I/O from physical disks, or by using hardware devices (RNG). Another 
source of randomness is the patch that was introduced by Linus Torvalds 
in kernel 5.4.y:

   https://lkml.org/lkml/2019/9/18/1078

Kind regards,
Andreas

More information about the buildroot mailing list