Bug#912087: openssh-server: Slow startup after the upgrade to 7.9p1
Am 28.10.2018 um 19:23 schrieb Colin Watson:
>
> Thanks for the investigation. (Note also that the OpenSSH version in
> question is the one that switched from OpenSSL 1.0 to 1.1, which was a
> big change.)
>
> There were some significant changes in this area in OpenSSL 1.1.1.
> Would it be possible to try running OpenSSH with OpenSSL 1.1.0h to see
> if that makes a difference? Unfortunately this is a little complicated
> as it will require doing a local build of the Debian OpenSSH source
> package in order to reduce the dependency; let me know if you need help
> with setting this up.
>
Hello Colin Watson,
I built a local package OpenSSH 7.9p1-1 against OpenSSL 1.1.0h like
described in the upper half of attached file.
This shows an normal start of the ssh service and login is
immediately after a restart possible,
running on linux-image-4.18.0-2-amd64 4.18.10-2.
Because in another bug suggested to test the previous kernel
with a similar issue with the login manager (that I cannot find right
now), I reverted back to regular OpenSSH 7.9p1-1 with OpenSSL 1.1.1-1
and it shows the same delay when runnging with kernel
linux-image-4.17.0-3-amd64 4.17.17-1.
Just found the possibly somehow related bug #910504, that proposes
the installation of rng-tools - but this just fails to start because
of "Cannot find a hardware RNG device to use.", with OpenSSH 7.9p1-1
with OpenSSL 1.1.1-1 at linux-image-4.18.0-2-amd64 4.18.10-2.
Kind regards,
Bernhard
apt install fakeroot
apt build-dep openssh-server
# http://snapshot.debian.org/package/openssl/1.1.0h-4/
wget http://snapshot.debian.org/archive/debian/20180523T153942Z/pool/main/o/openssl/libssl-dev_1.1.0h-4_amd64.deb
wget http://snapshot.debian.org/archive/debian/20180523T153942Z/pool/main/o/openssl/libssl1.1_1.1.0h-4_amd64.deb
wget http://snapshot.debian.org/archive/debian/20180523T153942Z/pool/main/o/openssl/openssl_1.1.0h-4_amd64.deb
dpkg -i *.deb
mkdir openssh/orig -p
cd openssh/orig
apt source openssh
cd ../..
cd openssh
cp -a orig try1
cd try1/openssh-7.9p1
dpkg-buildpackage
dpkg -i openssh-client_7.9p1-1_amd64.deb openssh-server_7.9p1-1_amd64.deb openssh-sftp-server_7.9p1-1_amd64.deb
reboot
# SSH login immediately possible
# "[ OK ] Started OpenBSD Secure Shell server." takes "no" time.
##################
apt install --reinstall libssl-dev libssl1.1 openssl openssh-client openssh-server openssh-sftp-server
reboot
# SSH not immediately possible:
# ssh_exchange_identification: Connection closed by remote host
# ssh_exchange_identification: read: Connection reset by peer
# "[ *** ] A start job is running for OpenBSD Secure Shell server (1 min 28s / 1 min 30s)
# http://snapshot.debian.org/package/linux/
wget http://snapshot.debian.org/archive/debian/20180818T210445Z/pool/main/l/linux/linux-image-4.17.0-3-amd64_4.17.17-1_amd64.deb
dpkg -i linux-image-4.17.0-3-amd64_4.17.17-1_amd64.deb
# booting with 4.17
# The same waiting with 4.17 as with 4.18
#################
qemu-system-x86_64 -m 3G -enable-kvm -smp 8 -monitor stdio -usb -device usb-tablet \
-drive file=system.img,format=raw,cache=writeback \
-device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp:127.0.254.34:2222-:22,hostfwd=tcp:127.0.254.34:3389-:3389,tftp=/home/bernhard/data/pxeboot,bootfile=/boot/grub/i386-pc/core.0 \
-boot c -no-shutdown -snapshot
Reply to: