[meta-xilinx] SSH Help
Nathan Rossi
nathan.rossi at xilinx.com
Thu Dec 12 19:37:19 PST 2013
> -----Original Message-----
> From: meta-xilinx-bounces at yoctoproject.org [mailto:meta-xilinx-
> bounces at yoctoproject.org] On Behalf Of Martin Townsend
> Sent: Friday, December 13, 2013 2:40 AM
> To: meta-xilinx at yoctoproject.org
> Subject: [meta-xilinx] SSH Help
>
> Hi,
>
> I'm trying to get SSH working and have tried dropbear and openssh with
> no joy. With dropbear it just hangs forever when trying to generate the
> keys and with openssh I get the following message when trying to
> generate the keys
> PRNG is not seeded
> I've stepped through the code and in seed_rng it calls RAND_Status which
> I think is in the openssl library. This function returns failure.
> A bit of googling seems to indicate that permissions on /dev/urandom and
> /dev/random are incorrect but I've checked them and they are fine.
>
> crw-rw-rw- 1 root root 1, 8 Jan 1 1970 random
> ...
> crw-rw-rw- 1 root root 1, 9 Jan 1 1970 urandom
>
> Running
>
> cat /dev/urandom | tr -dc 'a-zA-Z0-9~!@#$%^&*-_'
> gives me a long stream of random characters.
> >ZtAy6lC.;yZD3=etLvwbiPEeH_\laccLVXkYlrNa7SiXESYxrb44q*79&I...
>
> Using /dev/random I managed to read 3 characters before it blocked.
> cat /dev/random | tr -dc 'a-zA-Z0-9~!@#$%^&*-_'
> xAr
>
> Could it be that the entropy pool isn't being filled enough, the
> documentation I can see says that openssl will use /dev/urandom first
> and then /dev/random.
Hi Martin,
I gave openssh/dropbear a quick test on hardware and qemu. The RSA/ECDSA/DSA host key generation is slow, especially on hardware. It seems to be related primarily to performance.
The qemu system was able to generate the openssh keys in under 1 minute, hardware is 10x slower at ~10 minutes for the kc705-trd design. Dropbear is much faster, on the kc705 reference design it will generate the host key within ~10 seconds.
As to why QEMU is much faster, it is because it can emulate faster than hardware runs and it also has all the microblaze instruction set options enabled (e.g. mul high, hardware div and hard float are the key options that will affect key generation), remember these keys are supposed to be computationally hard to generate ;).
Alternatively, you can skip the host key generation entirely and pre-generate your host key for debugging (make a recipe to drop it into your rootfs) and then on your production image configure it to generate on the first boot and then store the resulting key in a persistent storage media like flash or sd (which is the default behavior for poky).
Regards,
Nathan
>
> BTW: The HW design is using a Microblaze running at 100MHz which I would
> hope would be enough if maybe a bit slow.
>
> Any help/ideas greatly appreciated.
>
> Cheers,
> Martin.
>
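The first-boot approach from the reply above, sketched as an added example that is not part of the original thread or of poky's own init scripts: generate the host key once, keep it on persistent storage, and never leave a half-written key if power is lost during the slow generation step. The directory /var/lib/ssh and the names KEY_DIR, KEY_TYPE, generate_key and ensure_host_key are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: KEY_DIR, KEY_TYPE,
# generate_key, ensure_host_key.
KEY_DIR="${KEY_DIR:-/var/lib/ssh}"   # assumed persistent mount (flash/SD)
KEY_TYPE="${KEY_TYPE:-rsa}"

# The slow step. Kept in its own function so a dropbear image can replace
# the body with: dropbearkey -t "$KEY_TYPE" -f "$1"
generate_key() {
    ssh-keygen -q -t "$KEY_TYPE" -N '' -f "$1"
}

# Prints "existing" or "generated"; returns non-zero if no usable key results.
ensure_host_key() {
    key="$KEY_DIR/ssh_host_${KEY_TYPE}_key"
    if [ -s "$key" ]; then           # non-empty key left by an earlier boot
        echo existing
        return 0
    fi
    mkdir -p "$KEY_DIR" || return 1
    tmp="$key.tmp"
    rm -f "$tmp" "$tmp.pub"          # stale leftovers from an interrupted boot
    old_umask=$(umask)
    umask 077                        # private key must not be group/world readable
    rc=0
    generate_key "$tmp" || rc=$?
    umask "$old_umask"
    if [ "$rc" -ne 0 ] || [ ! -s "$tmp" ]; then
        rm -f "$tmp" "$tmp.pub"      # never leave a partial key behind
        return 1
    fi
    # Rename only after generation has finished, so the final path holds
    # either no key or a complete one.
    if [ -f "$tmp.pub" ]; then mv -f "$tmp.pub" "$key.pub"; fi
    mv -f "$tmp" "$key" || return 1
    sync                             # flush to flash/SD before sshd starts
    echo generated
}

# Run from an init script as: <this script> --run
if [ "${1:-}" = "--run" ]; then ensure_host_key; fi
```

A debug image can ship a pre-generated key at the same path, in which case the function reports "existing" and skips generation.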