Colin
Thanks.
I have lots of entropy at hand, I'm married with kids, but I do not know hos to
make use of it.
Duncan Hare
714 931 7952
From: Debian Bug Tracking System <ow...@bugs.debian.org>
To: Duncan Hare <d...@synoia.com>
Sent: Tuesday, January 3, 2017 9:39 PM
Subject: Bug#849037 closed by Colin Watson <cjwat...@debian.org> (Re:
Bug#849037: ssh: Missing systemd Unit file for ssh_key regen)
This is an automatic notification regarding your Bug report
which was filed against the ssh package:
#849037: ssh: Missing systemd Unit file for ssh_key regen
It has been closed by Colin Watson <cjwat...@debian.org>.
Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Colin Watson
<cjwat...@debian.org> by
replying to this email.
--
849037: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849037
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problemsOn Wed, Dec 21, 2016 at 08:47:53PM
-0500, Duncan Hare wrote:
> Distributor ID: Raspbian
[...]
> Note: File sysyem is read only /etc/ssh cannot be written. Var is RW, can
> keys be moved?
Debian generates keys only in openssh-server.postinst, at which point
/etc/ is required to be writable. Of course it can be made read-only
later if no package management is to be performed.
> Dec 21 18:58:15 raspberrypi systemd[1]: Cannot add dependency job for unit
> regenerate_ssh_host_keys.service, ignoring: Unit
> regenerate_ssh_host_keys.service failed to load: No such file or directory.
This appears to be something specific to Raspbian. In Debian, I very
deliberately do not generate keys at boot, because entropy is often
scarce at boot time; I've seen academic papers that indicate that doing
this at boot is the cause of many vulnerable keys across the internet.
Unfortunately, bad-but-tempting ideas can be hard to eradicate.
A bit of web-searching suggests
https://www.marcomc.com/2012/09/how-to-fix-regenerate_ssh_host_keys-failed-on-raspbian-for-raspberrypi/,
but I really have no idea if that's current. You'll need to take this
up with the Raspbian folks if that isn't enough to resolve this.
--
Colin Watson [cjwat...@debian.org]
Package: ssh
Version: 1:6.7p1-5+deb8u3
Severity: important
-- System Information:
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 8.0 (jessie)
Release: 8.0
Codename: jessie
Architecture: armv7l
Kernel: Linux 4.4.34-v7+ (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ssh depends on:
ii dpkg 1.17.27
ii openssh-client 1:6.7p1-5+deb8u3
ii openssh-server 1:6.7p1-5+deb8u3
ssh recommends no packages.
ssh suggests no packages.
-- debconf-show failed
Note: File sysyem is read only /etc/ssh cannot be written. Var is RW, can keys
be moved?
-- Logs begin at Wed 2016-12-21 18:58:14 EST, end at Wed 2016-12-21 19:17:02
EST. --
Dec 21 18:58:14 raspberrypi kernel: VFS: Mounted root (nfs filesystem) readonly
on device 0:16.
Dec 21 18:58:14 raspberrypi kernel: devtmpfs: mounted
Dec 21 18:58:14 raspberrypi kernel: Freeing unused kernel memory: 476K
(807eb000 - 80862000)
Dec 21 18:58:14 raspberrypi kernel: random: systemd: uninitialized urandom read
(16 bytes read, 126 bits of entropy available)
Dec 21 18:58:14 raspberrypi systemd[1]: systemd 215 running in system mode.
(+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP
-APPARMOR)
Dec 21 18:58:14 raspberrypi systemd[1]: Detected architecture 'arm'.
Dec 21 18:58:14 raspberrypi kernel: random: nonblocking pool is initialized
Dec 21 18:58:14 raspberrypi kernel: NET: Registered protocol family 10
Dec 21 18:58:14 raspberrypi systemd[1]: Inserted module 'ipv6'
Dec 21 18:58:14 raspberrypi systemd[1]: Set hostname to <raspberrypi>.
Dec 21 18:58:14 raspberrypi kernel: uart-pl011 3f201000.uart: no DMA platform
data
Dec 21 18:58:15 raspberrypi systemd[1]: Cannot add dependency job for unit
regenerate_ssh_host_keys.service, ignoring: Unit
regenerate_ssh_host_keys.service failed to load: No such file or directory.
Dec 21 18:58:15 raspberrypi systemd[1]: Found ordering cycle on
basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on sysinit.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on kbd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on
remote-fs.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on home.mount/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on network.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on dhcpcd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Breaking ordering cycle by deleting job
kbd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Job kbd.service/start deleted to break
ordering cycle starting with basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found ordering cycle on
basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on sysinit.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on
raspi-config.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on
remote-fs.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on home.mount/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on network.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on dhcpcd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Breaking ordering cycle by deleting job
raspi-config.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Job raspi-config.service/start deleted
to break ordering cycle starting with basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found ordering cycle on
basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on sysinit.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on
console-setup.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on
remote-fs.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on home.mount/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on network.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on dhcpcd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Breaking ordering cycle by deleting job
console-setup.service/start
