[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#912087: openssh-server: Slow startup after the upgrade to 7.9p1

Am 28.10.2018 um 19:23 schrieb Colin Watson:
> 
> Thanks for the investigation.  (Note also that the OpenSSH version in
> question is the one that switched from OpenSSL 1.0 to 1.1, which was a
> big change.)
> 
> There were some significant changes in this area in OpenSSL 1.1.1.
> Would it be possible to try running OpenSSH with OpenSSL 1.1.0h to see
> if that makes a difference?  Unfortunately this is a little complicated
> as it will require doing a local build of the Debian OpenSSH source
> package in order to reduce the dependency; let me know if you need help
> with setting this up.
> 

Hello Colin Watson,
I built a local package OpenSSH 7.9p1-1 against OpenSSL 1.1.0h like
described in the upper half of attached file.
This shows an normal start of the ssh service and login is
immediately after a restart possible,
running on linux-image-4.18.0-2-amd64 4.18.10-2.

Because in another bug suggested to test the previous kernel
with a similar issue with the login manager (that I cannot find right
now), I reverted back to regular OpenSSH 7.9p1-1 with OpenSSL 1.1.1-1
and it shows the same delay when runnging with kernel
linux-image-4.17.0-3-amd64 4.17.17-1.

Just found the possibly somehow related bug #910504, that proposes
the installation of rng-tools - but this just fails to start because
of "Cannot find a hardware RNG device to use.", with OpenSSH 7.9p1-1
with OpenSSL 1.1.1-1 at linux-image-4.18.0-2-amd64 4.18.10-2.

Kind regards,
Bernhard


apt install fakeroot
apt build-dep openssh-server




# http://snapshot.debian.org/package/openssl/1.1.0h-4/
wget http://snapshot.debian.org/archive/debian/20180523T153942Z/pool/main/o/openssl/libssl-dev_1.1.0h-4_amd64.deb
wget http://snapshot.debian.org/archive/debian/20180523T153942Z/pool/main/o/openssl/libssl1.1_1.1.0h-4_amd64.deb
wget http://snapshot.debian.org/archive/debian/20180523T153942Z/pool/main/o/openssl/openssl_1.1.0h-4_amd64.deb

dpkg -i *.deb




mkdir openssh/orig -p
cd    openssh/orig
apt source openssh
cd ../..




cd openssh
cp -a orig try1
cd try1/openssh-7.9p1
dpkg-buildpackage

dpkg -i openssh-client_7.9p1-1_amd64.deb openssh-server_7.9p1-1_amd64.deb openssh-sftp-server_7.9p1-1_amd64.deb

reboot

# SSH login immediately possible

# "[  OK  ] Started OpenBSD Secure Shell server." takes "no" time.





##################





apt install --reinstall libssl-dev libssl1.1 openssl openssh-client openssh-server openssh-sftp-server

reboot

# SSH not immediately possible:
#   ssh_exchange_identification: Connection closed by remote host
#   ssh_exchange_identification: read: Connection reset by peer

# "[ *** ] A start job is running for OpenBSD Secure Shell server (1 min 28s / 1 min 30s)



# http://snapshot.debian.org/package/linux/

wget http://snapshot.debian.org/archive/debian/20180818T210445Z/pool/main/l/linux/linux-image-4.17.0-3-amd64_4.17.17-1_amd64.deb

dpkg -i linux-image-4.17.0-3-amd64_4.17.17-1_amd64.deb

# booting with 4.17

# The same waiting with 4.17 as with 4.18






#################




qemu-system-x86_64 -m 3G -enable-kvm -smp 8 -monitor stdio -usb -device usb-tablet \
    -drive file=system.img,format=raw,cache=writeback \
    -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp:127.0.254.34:2222-:22,hostfwd=tcp:127.0.254.34:3389-:3389,tftp=/home/bernhard/data/pxeboot,bootfile=/boot/grub/i386-pc/core.0 \
    -boot c -no-shutdown -snapshot
Reply to: