Dear Maintainer,
just some more information, because I think I see this
difference in my qemu buster amd64 VM too.

Before I could ssh into that machine just after some seconds.

Now it takes some time until that line "random: crng init done"
appears in dmesg.
With logging in in the qemu window this line appears just after a
few seconds, when just trying via ssh it takes much longer.


I tried to find out where it blocks exactly and came to that location:

#0 0x00007fb515b1803a in getentropy (buffer=0x56285633d440, length=***@entry=32) at ../sysdeps/unix/sysv/linux/getentropy.c:45
#1 0x00007fb5161e3603 in syscall_random (buflen=32, buf=<optimized out>) at ../crypto/rand/rand_unix.c:277
#2 rand_pool_acquire_entropy (pool=***@entry=0x5628563394e0) at ../crypto/rand/rand_unix.c:469
#3 0x00007fb5161e2d8d in rand_drbg_get_entropy (drbg=0x562856339e80, pout=0x7ffd1c2bce60, entropy=<optimized out>, min_len=<optimized out>, max_len=<optimized out>, prediction_resistance=0) at ../crypt$
#4 0x00007fb5161e11b2 in RAND_DRBG_instantiate (drbg=***@entry=0x562856339e80, pers=***@entry=0x7fb516289d20 <ossl_pers_string> "OpenSSL NIST SP 800-90A DRBG", perslen=***@entry=28) at ../crypto/$
#5 0x00007fb5161e21a8 in drbg_setup (parent=***@entry=0x0) at ../crypto/rand/drbg_lib.c:870
#6 0x00007fb5161e222f in do_rand_drbg_init () at ../crypto/rand/drbg_lib.c:899
#7 do_rand_drbg_init_ossl_ () at ../crypto/rand/drbg_lib.c:884
#8 0x00007fb5150c9827 in __pthread_once_slow (once_control=0x7fb5163118f8 <rand_drbg_init>, init_routine=0x7fb5161e21d0 <do_rand_drbg_init_ossl_>) at pthread_once.c:116
#9 0x00007fb5150c98e5 in __GI___pthread_once (once_control=***@entry=0x7fb5163118f8 <rand_drbg_init>, init_routine=***@entry=0x7fb5161e21d0 <do_rand_drbg_init_ossl_>) at pthread_once.$
#10 0x00007fb516221329 in CRYPTO_THREAD_run_once (once=***@entry=0x7fb5163118f8 <rand_drbg_init>, init=***@entry=0x7fb5161e21d0 <do_rand_drbg_init_ossl_>) at ../crypto/threads_pthread.c:113
#11 0x00007fb5161e2327 in RAND_DRBG_get0_master () at ../crypto/rand/drbg_lib.c:1010
#12 0x00007fb5161e235d in drbg_status () at ../crypto/rand/drbg_lib.c:992
#13 0x00005628556a253f in seed_rng () at ../../entropy.c:238
#14 0x000056285564b13c in main (ac=2, av=0x56285631b970) at ../../sshd.c:1696

Most of the stack is inside /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
e.g libssl1.1 that got also a new upload at that time.


Attached file describes how I retrieved that stack and some more logging.
(For my qemu machine a workaround would just be
to add "-device virtio-rng-pci", to have proper randomness.)

Kind regards,
Bernhard

Package: openssl
Version: 1.1.1-1
Followup-For: Bug #912087

Now that by bug report has been switched to the openssl package, I would like
to add that after seeing the above post about entropy, I installed haveged and
now openssh-server starts in a fraction of the mentioned time.

On top of that, lightdm also starts faster (= it gets me to the login prompt
quicker) than what it used to a few days ago.
I was about to open a new bug report for it, but I do not know if it is related
to this issue.



-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssl depends on:
ii libc6 2.27-6
ii libssl1.1 1.1.1-1

openssl recommends no packages.

Versions of packages openssl suggests:
ii ca-certificates 20170717

-- no debconf information

Clearly it's not working for the person reporting this issue,
or we wouldn't have this discussion.


Kurt

Package: openssh-server
Version: 1:7.9p1-4
Followup-For: Bug #912087

Hi,
Doesn't that apply to non-virtual hardware as well?

BTW, mariadb and php-fpm are affected as well.
If services can't assume the rng being ready, they should have a dependency on the rng such that systemd doesn't attempt to start them before it's ready.

Gr,

Olaf

-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.69
ii dpkg 1.19.2
ii libaudit1 1:2.8.4-2
ii libc6 2.27-8
ii libcom-err2 1.44.4-2
ii libgssapi-krb5-2 1.16.1-1
ii libkrb5-3 1.16.1-1
ii libpam-modules 1.1.8-3.8
ii libpam-runtime 1.1.8-3.8
ii libpam0g 1.1.8-3.8
ii libselinux1 2.8-1+b1
ii libssl1.1 1.1.1-2
ii libsystemd0 239-11
ii libwrap0 7.6.q-27
ii lsb-base 9.20170808
ii openssh-client 1:7.9p1-4
ii openssh-sftp-server 1:7.9p1-4
ii procps 2:3.3.15-2
ii ucf 3.0038
ii zlib1g 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii libpam-systemd 239-11
ii ncurses-term 6.1+20181013-1
ii xauth 1:1.0.10-1

Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
pn ssh-askpass <none>
pn ufw <none>

-- debconf information:
openssh-server/permit-root-login: false
openssh-server/password-authentication: true

control: reassign -1 systemd 239-13

I hereby reassign the bug to systemd.
The problem is that OpenSSL is now using getrandom() for entropy which
is not (yet) ready and therefore OpenSSH needs longer for startup by
simply waiting for entropy.

Theodore Y. Ts'o suggested adding hw-rng to KVM/virt setups [0].
Everything else should work just "fine".

Either way there is nothing OpenSSL wise that can be done. A similar
issue [1] has been reported once GnuTLS which to getrandom().

Systemd wise there is
https://github.com/systemd/systemd/issues/4271
https://github.com/systemd/systemd/pull/10621
where people want systemd to systemd to credit entropy. I'm not much a
fan of that but that is a different story.

[0] https://bugs.debian.org/912087#118
[1] https://bugs.debian.org/837597

Sebastian

I was about to close it myself then I though maybe reassign in case you
want close it if that PR gets merged it.
Yes, I am not a fan that.
Right. Do you think, that it would necessary to add something to the
release notes?
Thank you.

Sebastian

Greetings,

Sorry I am late to the discussion.

I have some systems running in a VMWare infrastructure and things like ssh
and puppet are not starting (puppet times out and fails) or taking a long
time to start (ssh).

If I install sshd, I expect it to start (somewhat quickly) not 200 seconds
after boot. If I install puppet, I expect it to start - not timeout and
fail.

It seems installing haveged has "fixed" these issues [Thanks jim_p <
***@gmail.com>] , but knowing those specific solutions remains the
challenge.

I've spent a lot of time debugging, reading, and researching to find these
bug reports and threads. It takes a lot of time and even then I'm not
certain of the appropriateness of the fix. Is installing haveged the right
solution for a headless VM that needs to have ssh and puppet running?

Right now systemd upstream is dubious of PR 10621 and according to Michael
Biebl it will be opt-in only. PS. Thank you Michael for your work on
systemd.

Where do we communicate to admins that their services might be slow to
start or fail to start and they need to manually install some package
(haveged) or touch a systemd config (PR 10621)?

Thanks everyone for their input in this discussion!

It is appreciated!

-m

Greetings,

First off, thank you for your work on this issue.

After spending a bit more that 6 hours strugging with this issue on a KVM VM
running headless debian-testing, I simply want to add the following:

- If you do not realize that the problem has something to do with crng, finding
this bug report on a search engine is a bit difficult.

- Installing haveged is what finally solved it and brough me straight here.

Finding the solution was a bit of a stroke of luck (i.e. haveged is one of the
packages I install on production VMs from my ansible playbook, and one such VM
did not have this issue).

It would definitely have saved me a lot of time if this issue was more easily
accessible through a search engine / listchanges mentioned it.

NB: Going through bug reports for openssh-server on the tracker is one of the
first thing I did, unfortunately it had been bumped somewhere else by that time.

Hopefully this entry will help people using a search engine to figure out why
they need to log in on their VM through console for sshd to start listening
on the network.

Once again, thank you to everyone who pitched in in here.

Best regards,

For people using libvirt, I've found that adding the following to a
domain solves this problem.

<rng model="virtio">
<backend model="random">/dev/urandom</backend>
</rng>

Thanks for the useful pointer in this direction Ted.