Web lists-archives.com

Re: Handling of entropy during boot




* Raphael Hertzog [Thu Jan 10, 2019 at 12:24:45PM +0100]:
> On Wed, 09 Jan 2019, Theodore Y. Ts'o wrote:

> > Pointers, please?  Let's see them and investigate.  The primary issue
> > I've been aware of to date has been on Fedora systems, and it's due to
> > some Red Hat specific changes that they made for FEDRAMP compliance
> > --- and Red Hat has dealt with those issues.

> In Kali I had to install haveged by default due to this problem.
> We got reports of having to wait up to 5 minutes to get to their desktop.
> We got reports of sshd not working on first boot (in fact just taking too
> long to start).

ACK, we also had to do the same in Grml[.org] and our latest release
(2018.12). Now we automatically enable haveged when users boot using
the ssh boot option (which is something Grml specific, taking care
of setting user password and invoking the ssh service).

We saw exactly what Daniel documented at
https://daniel-lange.com/archives/152-Openssh-taking-minutes-to-become-available,-booting-takes-half-an-hour-...-because-your-server-waits-for-a-few-bytes-of-randomness.html

regards,
-mika-
-- 
https://michael-prokop.at/  || https://adminzen.org/
https://grml-solutions.com/ || https://grml.org/

Attachment: signature.asc
Description: Digital signature