Hi,

I am running several virtual machines (currently using 2.6.24.2) with 
user-mode-linux (UML) and am seeing the very same problem repeatedly.
Mar 25 06:00:05 uml12d sshd[28619]: fatal: Couldn't obtain random bytes (error 
604389476)
after a dictionary attack with 5 tries per second.
I straced the normal connection procedure with strace -o sshd.strace -f -p 
11541 and found:

11736 open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
11736 fstat64(3, {st_mode=S_IFCHR|0644, st_rdev=makedev(1, 9), ...}) = 0
11736 poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 10) = 1
11736 read(3, 
"\342\224\2443\314cVK\325\331I\322?=zEa\324u\276\2\f\361\2618p\3217\n\201x\210",
 32) = 32
11736 close(3)

The "poll" is probably there to prevent blocking of /dev/random but maybe there 
are conditions that cause it to return something other than "1" here?

I am seeing a common pattern here: mips, xen, uml... are all platforms that 
have few real entropy sources like HDDs and thus are more prone to running out 
of entropy.


On a related note:
I saw openvpn failing on openSUSE-10.3 this morning and it looks very similar:
Tue Mar 25 09:05:24 2008 key/87.185.50.159:1194 ERROR: Random number generator 
cannot obtain entropy for key generation [SSL]
Tue Mar 25 09:05:24 2008 key/87.185.50.159:1194 Exiting

So maybe it is a kernel bug? Or do those programs fail to check for some normal 
return value?
I guess, you could speed up triggering this bug by manually emptying the 
entropy pool with cat /dev/random > /dev/null


Ciao
Bernhard M.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to