[Bug 1098299] Re: entropy pool should be seeded earlier in boot process
Launchpad Bug Tracker
1098299 at bugs.launchpad.net
Thu May 23 06:54:21 UTC 2013
This bug was fixed in the package openssh - 1:6.2p2-3
---------------
openssh (1:6.2p2-3) unstable; urgency=low
* If the running init daemon is Upstart, then, on the first upgrade to
this version, check whether sysvinit is still managing sshd; if so,
manually stop it so that it can be restarted under upstart. We do this
near the end of the postinst, so it shouldn't result in any appreciable
extra window where sshd is not running during upgrade.
-- Colin Watson <cjwatson at debian.org> Wed, 22 May 2013 17:42:10 +0100
** Changed in: openssh (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to installation-report in Ubuntu.
https://bugs.launchpad.net/bugs/1098299
Title:
entropy pool should be seeded earlier in boot process
Status in “installation-report” package in Ubuntu:
In Progress
Status in “openssh” package in Ubuntu:
Fix Released
Status in “sysvinit” package in Ubuntu:
Won't Fix
Status in “ubiquity” package in Ubuntu:
Fix Released
Bug description:
Currently, the entropy pool is seeded by /etc/init.d/urandom. This
should be done earlier in the boot process by an upstart job, and
should be done before the ssh daemon is started.
Although the ssh keys are generated on package install, openssh uses
openssl's PRNG which is seeded on boot for ephemeral keys.
See https://factorable.net/weakkeys12.extended.pdf for more
information.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/installation-report/+bug/1098299/+subscriptions
More information about the foundations-bugs
mailing list