From: "Joshua Watt" <JPEWhacker@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: alex.kiernan@gmail.com, raj.khem@gmail.com,
	richard.purdie@linuxfoundation.org,
	Joshua Watt <JPEWhacker@gmail.com>
Subject: [OE-core][RFC] openssh: Start key generation in multi-user mode
Date: Mon, 21 Sep 2020 19:44:55 -0500
Message-ID: <20200922004455.21335-1-JPEWhacker@gmail.com>

The sshkeygen uses a lot of CPU time which delays booting (especially in
the case where no SSH connection is going to happen), but we also want
to be proactive about generating it early so that the first SSH login
doesn't have to wait a long time.

Starting the key generation when the sockets are created (which is
pretty early in the boot process) slows down the boot due to high CPU
usage, so as a compromise start it no later than multi-user mode when
things have typically settled down. Note that if an SSH connection comes
in before multi-user.target is reached, key generation will be started
immediately.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
 meta/recipes-connectivity/openssh/openssh/sshd.socket        | 1 -
 meta/recipes-connectivity/openssh/openssh/sshd@.service      | 1 +
 .../recipes-connectivity/openssh/openssh/sshdgenkeys.service | 5 +++++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 8d76d62309..12c39b26b5 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,6 +1,5 @@
 [Unit]
 Conflicts=sshd.service
-Wants=sshdgenkeys.service
 
 [Socket]
 ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service
index 9d9965e624..40fd38730a 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd@.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshd@.service
@@ -1,5 +1,6 @@
 [Unit]
 Description=OpenSSH Per-Connection Daemon
+Wants=sshdgenkeys.service
 After=sshdgenkeys.service
 
 [Service]
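Review bot: the added `Wants=sshdgenkeys.service`, sitting next to the existing `After=sshdgenkeys.service`, is only a weak dependency, so if sshd_check_keys fails the per-connection sshd instance is still started. If a connection should not be served when key generation has failed, `Requires=sshdgenkeys.service` would be the stricter form; if the weak form is intended (it matches what sshd.socket used before), a short comment in the unit saying so would help. Since sshdgenkeys.service is `Type=oneshot` with `RemainAfterExit=yes`, being pulled in again by every sshd@ instance is harmless after the first successful run.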
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
index fd81793d51..52617ec275 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -7,3 +7,8 @@ ExecStart=@LIBEXECDIR@/sshd_check_keys
 Type=oneshot
 RemainAfterExit=yes
 Nice=10
+
+[Install]
+# Start key generation no later than multi-user mode so that we can hopefully
+# have it generated before the first SSH connection
+WantedBy=multi-user.target
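Review bot: the new `[Install]` section with `WantedBy=multi-user.target` only takes effect when sshdgenkeys.service is enabled, and the diffstat lists just the three unit files, so nothing in this patch enables it. Please confirm the recipe already enables the unit (in OE-core typically through SYSTEMD_SERVICE), or add that change to the patch; otherwise key generation still starts only on the first connection, through the `Wants=` added to sshd@.service, and the behaviour described in the commit message is not reached.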
-- 
2.28.0

