[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#849037: closed by Colin Watson <cjwatson@debian.org> (Re: Bug#849037: ssh: Missing systemd Unit file for ssh_key regen)

Colin

Thanks.

I have lots of entropy at hand, I'm married with kids, but I do not know hos to make use of it.
 
Duncan Hare

714 931 7952


From: Debian Bug Tracking System <owner@bugs.debian.org>
To: Duncan Hare <dh@synoia.com>
Sent: Tuesday, January 3, 2017 9:39 PM
Subject: Bug#849037 closed by Colin Watson <cjwatson@debian.org> (Re: Bug#849037: ssh: Missing systemd Unit file for ssh_key regen)

This is an automatic notification regarding your Bug report
which was filed against the ssh package:

#849037: ssh: Missing systemd Unit file for ssh_key regen

It has been closed by Colin Watson <cjwatson@debian.org>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Colin Watson <cjwatson@debian.org> by
replying to this email.


--
849037: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849037
Debian Bug Tracking System
Contact owner@bugs.debian.org with problemsOn Wed, Dec 21, 2016 at 08:47:53PM -0500, Duncan Hare wrote:
> Distributor ID:    Raspbian
[...]
> Note: File sysyem is read only /etc/ssh cannot be written. Var is RW, can keys be moved?

Debian generates keys only in openssh-server.postinst, at which point
/etc/ is required to be writable.  Of course it can be made read-only
later if no package management is to be performed.

> Dec 21 18:58:15 raspberrypi systemd[1]: Cannot add dependency job for unit regenerate_ssh_host_keys.service, ignoring: Unit regenerate_ssh_host_keys.service failed to load: No such file or directory.

This appears to be something specific to Raspbian.  In Debian, I very
deliberately do not generate keys at boot, because entropy is often
scarce at boot time; I've seen academic papers that indicate that doing
this at boot is the cause of many vulnerable keys across the internet.
Unfortunately, bad-but-tempting ideas can be hard to eradicate.

A bit of web-searching suggests
https://www.marcomc.com/2012/09/how-to-fix-regenerate_ssh_host_keys-failed-on-raspbian-for-raspberrypi/,
but I really have no idea if that's current.  You'll need to take this
up with the Raspbian folks if that isn't enough to resolve this.

--
Colin Watson                                      [cjwatson@debian.org]
Package: ssh
Version: 1:6.7p1-5+deb8u3
Severity: important



-- System Information:
Distributor ID:    Raspbian
Description:    Raspbian GNU/Linux 8.0 (jessie)
Release:    8.0
Codename:    jessie
Architecture: armv7l

Kernel: Linux 4.4.34-v7+ (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ssh depends on:
ii  dpkg            1.17.27
ii  openssh-client  1:6.7p1-5+deb8u3
ii  openssh-server  1:6.7p1-5+deb8u3

ssh recommends no packages.

ssh suggests no packages.

-- debconf-show failed

Note: File sysyem is read only /etc/ssh cannot be written. Var is RW, can keys be moved?


-- Logs begin at Wed 2016-12-21 18:58:14 EST, end at Wed 2016-12-21 19:17:02 EST. --
Dec 21 18:58:14 raspberrypi kernel: VFS: Mounted root (nfs filesystem) readonly on device 0:16.
Dec 21 18:58:14 raspberrypi kernel: devtmpfs: mounted
Dec 21 18:58:14 raspberrypi kernel: Freeing unused kernel memory: 476K (807eb000 - 80862000)
Dec 21 18:58:14 raspberrypi kernel: random: systemd: uninitialized urandom read (16 bytes read, 126 bits of entropy available)
Dec 21 18:58:14 raspberrypi systemd[1]: systemd 215 running in system mode. (+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR)
Dec 21 18:58:14 raspberrypi systemd[1]: Detected architecture 'arm'.
Dec 21 18:58:14 raspberrypi kernel: random: nonblocking pool is initialized
Dec 21 18:58:14 raspberrypi kernel: NET: Registered protocol family 10
Dec 21 18:58:14 raspberrypi systemd[1]: Inserted module 'ipv6'
Dec 21 18:58:14 raspberrypi systemd[1]: Set hostname to <raspberrypi>.
Dec 21 18:58:14 raspberrypi kernel: uart-pl011 3f201000.uart: no DMA platform data
Dec 21 18:58:15 raspberrypi systemd[1]: Cannot add dependency job for unit regenerate_ssh_host_keys.service, ignoring: Unit regenerate_ssh_host_keys.service failed to load: No such file or directory.
Dec 21 18:58:15 raspberrypi systemd[1]: Found ordering cycle on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on sysinit.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on kbd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on remote-fs.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on home.mount/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on network.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on dhcpcd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Breaking ordering cycle by deleting job kbd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Job kbd.service/start deleted to break ordering cycle starting with basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found ordering cycle on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on sysinit.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on raspi-config.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on remote-fs.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on home.mount/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on network.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on dhcpcd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Breaking ordering cycle by deleting job raspi-config.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Job raspi-config.service/start deleted to break ordering cycle starting with basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found ordering cycle on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on sysinit.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on console-setup.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on remote-fs.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on home.mount/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on network.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on dhcpcd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Breaking ordering cycle by deleting job console-setup.service/start



Reply to: