From: Stephan Seitz <s.seitz@netz-haut.de>
To: XEN User - listmembers <xen-users@lists.xensource.com>,
XEN Devel - listmembers <xen-devel@lists.xensource.com>
Subject: dom0 and domU /dev/urandom generating too less entropy
Date: Wed, 10 Oct 2007 22:00:10 +0200
Message-ID: <470D2F4A.8070000@netz-haut.de>
Hi there,
I've recently seen problems after migrating physical servers into
paravirtualized domUs.
The migrated systems vary from Debian woody, sarge, Ubuntu >=breezy,
each system with its own but manageable problems.
One thing in common is: /dev/urandom generates too little entropy for
e.g. ssh-keygen.
In the last few days, I even found sshd itself dying from too little entropy:
sshd[26134]: fatal: Couldn't obtain random bytes (error 604389476)
We're using our own build derived from the 3.1.0 tarball, but without
any substantial changes to the code:
The currently used kernel has been heavily patched, but this issue
doesn't seem to be kernel-specific.
We tried the 2.6.18 (xensource 3.1.0) as well as different distro
kernels.
host :
release : 2.6.20-100-server
version : #2 SMP Sat Jun 2 12:18:40 UTC 2007
machine : i686
nr_cpus : 4
nr_nodes : 1
sockets_per_node : 1
cores_per_socket : 4
threads_per_core : 1
cpu_mhz : 2394
hw_caps : bfebfbff:20100000:00000000:00000140:0000e3bd:00000000:00000001
total_memory : 8190
free_memory : 1
xen_major : 3
xen_minor : 1
xen_extra : .0
xen_caps : xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p
xen_scheduler : credit
xen_pagesize : 4096
platform_params : virt_start=0xf5800000
xen_changeset : unavailable
cc_compiler : gcc version 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
cc_compile_by : root
cc_compile_domain : halo.local
cc_compile_date : Wed May 23 02:33:53 CEST 2007
xend_config_format : 4
Do you know about a workaround, or maybe the possibility for another (Xen-specific) RNG
besides /dev/urandom?
Thanks in advance!
--
Stephan Seitz
Senior System Administrator
*netz-haut* e.K.
multimediale kommunikation
zweierweg 22
97074 würzburg
fon: +49 931 2876247
fax: +49 931 2876248
web: www.netz-haut.de <http://www.netz-haut.de/>
registriergericht: amtsgericht würzburg, hra 5054