On 28.10.2018 at 19:23, Colin Watson wrote:
>
> Thanks for the investigation.  (Note also that the OpenSSH version in
> question is the one that switched from OpenSSL 1.0 to 1.1, which was a
> big change.)
>
> There were some significant changes in this area in OpenSSL 1.1.1.
> Would it be possible to try running OpenSSH with OpenSSL 1.1.0h to see
> if that makes a difference?  Unfortunately this is a little complicated
> as it will require doing a local build of the Debian OpenSSH source
> package in order to reduce the dependency; let me know if you need help
> with setting this up.
>

Hello Colin Watson,

I built a local package OpenSSH 7.9p1-1 against OpenSSL 1.1.0h as
described in the upper half of the attached file. This shows a normal
start of the ssh service, and login is possible immediately after a
restart, running on linux-image-4.18.0-2-amd64 4.18.10-2.

Because another bug with a similar issue with the login manager (that I
cannot find right now) suggested testing the previous kernel, I reverted
back to regular OpenSSH 7.9p1-1 with OpenSSL 1.1.1-1, and it shows the
same delay when running with kernel linux-image-4.17.0-3-amd64 4.17.17-1.

Just found the possibly somehow related bug #910504, which proposes the
installation of rng-tools - but this just fails to start because of
"Cannot find a hardware RNG device to use.", with OpenSSH 7.9p1-1 with
OpenSSL 1.1.1-1 on linux-image-4.18.0-2-amd64 4.18.10-2.

Kind regards,
Bernhard

apt install fakeroot
apt build-dep openssh-server

# http://snapshot.debian.org/package/openssl/1.1.0h-4/
wget http://snapshot.debian.org/archive/debian/20180523T153942Z/pool/main/o/openssl/libssl-dev_1.1.0h-4_amd64.deb
wget http://snapshot.debian.org/archive/debian/20180523T153942Z/pool/main/o/openssl/libssl1.1_1.1.0h-4_amd64.deb
wget http://snapshot.debian.org/archive/debian/20180523T153942Z/pool/main/o/openssl/openssl_1.1.0h-4_amd64.deb
dpkg -i *.deb

mkdir openssh/orig -p
cd openssh/orig
apt source openssh
cd ../..

cd openssh
cp -a orig try1
cd try1/openssh-7.9p1
dpkg-buildpackage

# dpkg-buildpackage writes the .deb files to the parent directory
cd ..
dpkg -i openssh-client_7.9p1-1_amd64.deb openssh-server_7.9p1-1_amd64.deb openssh-sftp-server_7.9p1-1_amd64.deb

reboot

# SSH login immediately possible
# "[ OK ] Started OpenBSD Secure Shell server." takes "no" time.

##################

apt install --reinstall libssl-dev libssl1.1 openssl openssh-client openssh-server openssh-sftp-server

reboot

# SSH not immediately possible:
#   ssh_exchange_identification: Connection closed by remote host
#   ssh_exchange_identification: read: Connection reset by peer
# "[ *** ] A start job is running for OpenBSD Secure Shell server (1 min 28s / 1 min 30s)"

# http://snapshot.debian.org/package/linux/
wget http://snapshot.debian.org/archive/debian/20180818T210445Z/pool/main/l/linux/linux-image-4.17.0-3-amd64_4.17.17-1_amd64.deb
dpkg -i linux-image-4.17.0-3-amd64_4.17.17-1_amd64.deb

# booting with 4.17
# The same waiting with 4.17 as with 4.18

#################

qemu-system-x86_64 -m 3G -enable-kvm -smp 8 -monitor stdio -usb -device usb-tablet \
    -drive file=system.img,format=raw,cache=writeback \
    -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp:127.0.254.34:2222-:22,hostfwd=tcp:127.0.254.34:3389-:3389,tftp=/home/bernhard/data/pxeboot,bootfile=/boot/grub/i386-pc/core.0 \
    -boot c -no-shutdown -snapshot