The sshkeygen uses a lot of CPU time which delays booting (especially in the case where no SSH connection is going to happen), but we also want to be proactive about generating it early so that the first SSH login doesn't have to wait a long time.
Starting the key generation when the sockets are created (which is pretty early in the boot process) slows down the boot due to high CPU usage, so as a compromise start it no later than multi-user mode when things have typically settled down. Note that if an SSH connection comes in before multi-user.target is reached, key generation will be started immediately. Signed-off-by: Joshua Watt <[email protected]> --- meta/recipes-connectivity/openssh/openssh/sshd.socket | 1 - meta/recipes-connectivity/openssh/openssh/[email protected] | 1 + .../recipes-connectivity/openssh/openssh/sshdgenkeys.service | 5 +++++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket index 8d76d62309..12c39b26b5 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket @@ -1,6 +1,5 @@ [Unit] Conflicts=sshd.service -Wants=sshdgenkeys.service [Socket] ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd diff --git a/meta/recipes-connectivity/openssh/openssh/[email protected] b/meta/recipes-connectivity/openssh/openssh/[email protected] index 9d9965e624..40fd38730a 100644 --- a/meta/recipes-connectivity/openssh/openssh/[email protected] +++ b/meta/recipes-connectivity/openssh/openssh/[email protected] @@ -1,5 +1,6 @@ [Unit] Description=OpenSSH Per-Connection Daemon +Wants=sshdgenkeys.service After=sshdgenkeys.service [Service] diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service index fd81793d51..52617ec275 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service +++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service @@ -7,3 +7,8 @@ ExecStart=@LIBEXECDIR@/sshd_check_keys Type=oneshot RemainAfterExit=yes Nice=10 + +[Install] +# Start key generation no later than multi-user mode so that we can hopefully +# have it generated before the first SSH connection +WantedBy=multi-user.target -- 2.28.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142704): https://lists.openembedded.org/g/openembedded-core/message/142704 Mute This Topic: https://lists.openembedded.org/mt/77004223/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
