[Bug 1098299] Re: entropy pool should be seeded earlier in boot process

Fri May 17 21:02:50 UTC 2013

I think I would argue that the bug here is on the side of the ssh
upstart job, which has a start condition of:

  start on filesystem or runlevel [2345]

/etc/rcS.d/S*urandom is guaranteeably run (via /etc/init/rc-
sysinit.conf) before 'runlevel' is emitted.  So the question is, why
does ssh need to start on 'filesystem', instead of waiting for
'runlevel'?  rc-sysinit itself runs (and fires off the 'runlevel' event)
as soon as it sees:

  start on (filesystem and static-network-up) or failsafe-boot

So in the common case, the only difference between the current behavior
and a 'start on runlevel' is that ssh will start before the network is
up, which seems of dubious value given the nature of the service.

In the pathological case, since 'failsafe-boot' is guaranteed to trigger
after a timeout, the system will still boot and ssh will still come up,
it may just not come up as quickly as it does currently.

I think we do want to translate /etc/init.d/urandom to an upstart job -
I frankly am just not sure at present how to write it correctly to
ensure it sequences before ssh without adding a lot of syntactic
boilerplate, given that urandom can't run until the filesystem is up
(for access to /var/lib), and 'start on starting ssh' is not right
either.

** Changed in: sysvinit (Ubuntu)
     Assignee: (unassigned) => Steve Langasek (vorlon)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to installation-report in Ubuntu.
https://bugs.launchpad.net/bugs/1098299

Title:
  entropy pool should be seeded earlier in boot process

Status in “installation-report” package in Ubuntu:
  In Progress
Status in “openssh” package in Ubuntu:
  Triaged
Status in “sysvinit” package in Ubuntu:
  Triaged
Status in “ubiquity” package in Ubuntu:
  Fix Released

Bug description:
  Currently, the entropy pool is seeded by /etc/init.d/urandom. This
  should be done earlier in the boot process by an upstart job, and
  should be done before the ssh daemon is started.

  Although the ssh keys are generated on package install, openssh uses
  openssl's PRNG which is seeded on boot for ephemeral keys.

  See https://factorable.net/weakkeys12.extended.pdf for more
  information.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/installation-report/+bug/1098299/+subscriptions