10.30 非得在Console登录之后才能远程SSH登录

https://scz.617.cn/unix/201912121529.txt

Q:

在Debian中用"aptitude install openssh-server"升级SSH Server后出了幺蛾子，
非得在Console登录之后才能远程SSH登录。升级OpenSSL不能解决该问题。

aptitude install openssl

A: 2019-12-12

--------------------------------------------------------------------------
Can't ssh to server after Debian upgrade to Buster without previous login from trusted machine - [2018-10-29]
https://unix.stackexchange.com/questions/478353/cant-ssh-to-server-after-debian-upgrade-to-buster-without-previous-login-from

No SSH access before TTY login - [2018-10-20]
https://bbs.archlinux.org/viewtopic.php?id=241346

openssh-server: Slow startup after the upgrade to 7.9p1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087
--------------------------------------------------------------------------

放狗一搜，别人碰上过这种事。

--------------------------------------------------------------------------
sshd might be also be stuck waiting on /dev/[u]random, especially if the
system is located in a network segment with very little network traffic.
In this case, the system has very few sources of true randomness available
and has difficulties gathering up enough truly random bits for initially
seeding the kernel's random number generator. Logging onto the system
console will provide some randomness in the form of the lowest bits of
keyboard interrupt call times. If the system has some form of hardware
RNG, enabling it might fix this problem.

To diagnose, just type a few lines of nonsense to the console login prompt
without actually logging in. If sshd responds normally after that, the
kernel was probably starved of randomness and unable to seed the kernel
RNG, and that caused the startup of sshd to be delayed.
--------------------------------------------------------------------------

简单点说，系统缺乏足够的真随机数去喂内核的伪随机数发生器，Console的键盘操
作正好可以提供一些真随机数。

我通过安装haveged解决此事:

aptitude install haveged

别人通过安装rng-tools5解决此事，但我未实测:

aptitude install rng-tools5

D:

之前有故障时，先Console登录，再远程SSH登录，"systemctl status ssh"会看到:

Dec 12 14:31:07 debian sshd[1191]: error: kex_exchange_identification: Connection closed by remote host
Dec 12 14:31:15 debian sshd[1193]: rexec line 16: Deprecated option UsePrivilegeSeparation
Dec 12 14:31:15 debian sshd[1193]: rexec line 19: Deprecated option KeyRegenerationInterval
Dec 12 14:31:15 debian sshd[1193]: rexec line 20: Deprecated option ServerKeyBits
Dec 12 14:31:15 debian sshd[1193]: rexec line 32: Deprecated option RSAAuthentication
Dec 12 14:31:15 debian sshd[1193]: rexec line 39: Deprecated option RhostsRSAAuthentication
Dec 12 14:31:18 debian sshd[1193]: reprocess config line 32: Deprecated option RSAAuthentication
Dec 12 14:31:18 debian sshd[1193]: reprocess config line 39: Deprecated option RhostsRSAAuthentication

注意，此时已能远程SSH登录。

安装haveged排除故障，远程SSH登录，"systemctl status ssh"会看到:

Dec 12 15:39:36 debian systemd[1]: Started OpenBSD Secure Shell server.
Dec 12 15:44:41 debian sshd[1185]: rexec line 16: Deprecated option UsePrivilegeSeparation
Dec 12 15:44:41 debian sshd[1185]: rexec line 19: Deprecated option KeyRegenerationInterval
Dec 12 15:44:41 debian sshd[1185]: rexec line 20: Deprecated option ServerKeyBits
Dec 12 15:44:41 debian sshd[1185]: rexec line 32: Deprecated option RSAAuthentication
Dec 12 15:44:41 debian sshd[1185]: rexec line 39: Deprecated option RhostsRSAAuthentication
Dec 12 15:44:45 debian sshd[1185]: reprocess config line 32: Deprecated option RSAAuthentication
Dec 12 15:44:45 debian sshd[1185]: reprocess config line 39: Deprecated option RhostsRSAAuthentication

D:

/dev/random vs /dev/urandom - Onkar Joshi [2010-09-21]
http://www.onkarjoshi.com/blog/191/device-dev-random-vs-urandom/

在*nix系统上为获取随机数据，标准做法是从/dev/(u)random中读取，它们的随机源
是多种多样的。二者有区别。

当entropy pool被耗尽时，读取/dev/random将产生阻塞，直至收集到新的随机数据。
这减慢了随机数产生的速率。

读取/dev/urandom不会产生阻塞，它会重用internal pool以产生更多伪随机数。

/dev/urandom适用于:

. 生成测试用的大文件，其中充满了随机数据
. 与dd配合擦除磁盘数据

/dev/random适用于:

. 信息安全、密码学相关的随机数据

更多时候你需要的是/dev/urandom，而不是/dev/random。

D:

How to speed up OpenSSL/GnuPG Entropy For Random Number Generation On Linux - [2018-12-15]
https://www.cyberciti.biz/open-source/debian-ubuntu-centos-linux-setup-additional-entropy-for-server-using-aveged-rng-tools-utils/#comments

Entropy is nothing but the measure of randomness in a sequence of bits.
The PRNG (pseudorandom number generator) is a special device (e.g.
/dev/random on Linux) to create randomness from server hardware activities.
It uses interrupts generated from the keyboard, hard disk, mouse, network
and other sources. The random number generator gathers environmental noise
from device drivers and other sources into an entropy pool.

To see available entropy on Linux, enter:

$ cat /proc/sys/kernel/random/entropy_avail

该值小于等于1000时，那些依赖/dev/random的程序可能会阻塞，直至熵值足够大。

Finding out your current availability of entropy and quality of randomness

$ cat /dev/random | rngtest -c 1000

如果熵值太低，上述命令可能要花很长时间结束。

D:

Explain in Plain English about Entropy Available - [2010-08-19]
https://serverfault.com/questions/172337/explain-in-plain-english-about-entropy-available

Your system gathers some "real" random numbers by keeping an eye about
different events: network activity, hardware random number generator, and
so on. It feeds those to kernel entropy pool, which is used by /dev/random.
Applications which need some extreme security tend to use /dev/random as
their entropy source, or in other words, the randomness source.

If /dev/random runs out of available entropy, it's unable to serve out
more randomness and the application waiting for the randomness stalls
until more random stuff is available.

If you have 4096 bits of entropy available and you cat /dev/random you can
expect to be able to read 512 bytes of entropy (4096 bits) before the file
blocks while it waits for more entropy.

For example if you "cat /dev/random" your entropy will shrink to zero. At
first you'll get 512 bytes of random garbage but it will stop and little
by little you'll see more random data trickle trough.

This is not how people should operate /dev/random though. Normally
developers will read a small amount of data, like 128 bits, and use that
to seed some kind of PRNG algorithm. It's polite to not read any more
entropy from /dev/random than you need to since takes so long to build up
and is considered valuable. Thus if you drain it by carelessly catting the
file like above you'll cause other applications that need to read from
/dev/randomto block.

D: chatcn

某服务器上程序启动巨慢无比，后来分析是用到了随机数，卡在熵池太小了

$ watch -n 1 cat /proc/sys/kernel/random/entropy_avail

以前的机房环境差，没有问题，刚搬到一个好机房，太干净、噪音小。