[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#932439: openssh-server: sshd does not work after reboot: lack of system entropy

Package: openssh-server
Version: 1:7.9p1-10
Severity: normal

After boot, openssh-server (sshd) does not accept new connections. If this is a
new installation of debian, you are not even prompted to accept the server SSH
key. If you open up the server console, and type a few things, like, in the
username prompt, "ddd", and therefore provide the system with sufficient
entropy, you can then use SSH normally. You can connect to the server, and do
anything you want, like normally. I believe that if you also wait tens of
minutes, the same effect may be achieved, but I have not been able to confirm
it.

The above behavior has been observed in 3 separate Proxmox clusters, and 2
separate Proxmox installations, unclustered, using KVM for virtualization, all
5 of which in different types of x84 servers (amd64).

On a fresh install of Debian 10, using the debian-10.0.0-netinst, this bug
occurs.
On a fresh install of Debian 10, using the debian 10 RC1 netinstaller, this bug
did not occur.
On any Debian version (7-9) on the same cluster, this bug does not occur.
On Debian servers running Debian 9, and upgraded to Debian 10, this bug occurs,
100% of the time.

That said, the issue is probably with lack of entropy for openssh-server, which
makes sshd unusable until some is found. This is not 100% confirmed, but all
evidence points to it.

Other operating systems on the same virtualization environment, like Ubuntu
18.04, or CentOS 7, do not suffer from the above. They experience the same
behavior as older versions of Debian (work perfectly).

Thanks!

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.71
ii  dpkg                   1.19.7
ii  libaudit1              1:2.8.4-3
ii  libc6                  2.28-10
ii  libcom-err2            1.44.5-1
ii  libgssapi-krb5-2       1.17-3
ii  libkrb5-3              1.17-3
ii  libpam-modules         1.3.1-5
ii  libpam-runtime         1.3.1-5
ii  libpam0g               1.3.1-5
ii  libselinux1            2.8-1+b1
ii  libssl1.1              1.1.1c-1
ii  libsystemd0            241-5
ii  libwrap0               7.6.q-28
ii  lsb-base               10.2019051400
ii  openssh-client         1:7.9p1-10
ii  openssh-sftp-server    1:7.9p1-10
ii  procps                 2:3.3.15-2
ii  ucf                    3.0038+nmu1
ii  zlib1g                 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd  241-5
ii  ncurses-term    6.1+20181013-2
ii  xauth           1:1.0.10-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information excluded
Reply to: