On Mon, Sep 21, 2020 at 5:45 PM Joshua Watt <[email protected]> wrote: > > The sshkeygen uses a lot of CPU time which delays booting (especially in > the case where no SSH connection is going to happen), but we also want > to be proactive about generating it early so that the first SSH login > doesn't have to wait a long time. > > Starting the key generation when the sockets are created (which is > pretty early in the boot process) slows down the boot due to high CPU > usage, so as a compromise start it no later than multi-user mode when > things have typically settled down. Note that if an SSH connection comes > in before multi-user.target is reached, key generation will be started > immediately. > > Signed-off-by: Joshua Watt <[email protected]> > --- > meta/recipes-connectivity/openssh/openssh/sshd.socket | 1 - > meta/recipes-connectivity/openssh/openssh/[email protected] | 1 + > .../recipes-connectivity/openssh/openssh/sshdgenkeys.service | 5 +++++ > 3 files changed, 6 insertions(+), 1 deletion(-) > > diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket > b/meta/recipes-connectivity/openssh/openssh/sshd.socket > index 8d76d62309..12c39b26b5 100644 > --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket > +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket > @@ -1,6 +1,5 @@ > [Unit] > Conflicts=sshd.service > -Wants=sshdgenkeys.service > > [Socket] > ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd > diff --git a/meta/recipes-connectivity/openssh/openssh/[email protected] > b/meta/recipes-connectivity/openssh/openssh/[email protected] > index 9d9965e624..40fd38730a 100644 > --- a/meta/recipes-connectivity/openssh/openssh/[email protected] > +++ b/meta/recipes-connectivity/openssh/openssh/[email protected] > @@ -1,5 +1,6 @@ > [Unit] > Description=OpenSSH Per-Connection Daemon > +Wants=sshdgenkeys.service > After=sshdgenkeys.service > > [Service] > diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > index fd81793d51..52617ec275 100644 > --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > +++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > @@ -7,3 +7,8 @@ ExecStart=@LIBEXECDIR@/sshd_check_keys > Type=oneshot > RemainAfterExit=yes > Nice=10 > + > +[Install] > +# Start key generation no later than multi-user mode so that we can hopefully > +# have it generated before the first SSH connection > +WantedBy=multi-user.target
This looks better than what we have. Please do something similar for dropbearkey.service as well. I also wonder if we need After anchor but I would not worry too much about it. > -- > 2.28.0 >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142706): https://lists.openembedded.org/g/openembedded-core/message/142706 Mute This Topic: https://lists.openembedded.org/mt/77004223/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
