On Tue, Sep 22, 2020, 12:14 AM Khem Raj <[email protected]> wrote: > On Mon, Sep 21, 2020 at 5:45 PM Joshua Watt <[email protected]> wrote: > > > > The sshkeygen uses a lot of CPU time which delays booting (especially in > > the case where no SSH connection is going to happen), but we also want > > to be proactive about generating it early so that the first SSH login > > doesn't have to wait a long time. > > > > Starting the key generation when the sockets are created (which is > > pretty early in the boot process) slows down the boot due to high CPU > > usage, so as a compromise start it no later than multi-user mode when > > things have typically settled down. Note that if an SSH connection comes > > in before multi-user.target is reached, key generation will be started > > immediately. > > > > Signed-off-by: Joshua Watt <[email protected]> > > --- > > meta/recipes-connectivity/openssh/openssh/sshd.socket | 1 - > > meta/recipes-connectivity/openssh/openssh/[email protected] | 1 + > > .../recipes-connectivity/openssh/openssh/sshdgenkeys.service | 5 +++++ > > 3 files changed, 6 insertions(+), 1 deletion(-) > > > > diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket > b/meta/recipes-connectivity/openssh/openssh/sshd.socket > > index 8d76d62309..12c39b26b5 100644 > > --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket > > +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket > > @@ -1,6 +1,5 @@ > > [Unit] > > Conflicts=sshd.service > > -Wants=sshdgenkeys.service > > > > [Socket] > > ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd > > diff --git a/meta/recipes-connectivity/openssh/openssh/[email protected] > b/meta/recipes-connectivity/openssh/openssh/[email protected] > > index 9d9965e624..40fd38730a 100644 > > --- a/meta/recipes-connectivity/openssh/openssh/[email protected] > > +++ b/meta/recipes-connectivity/openssh/openssh/[email protected] > > @@ -1,5 +1,6 @@ > > [Unit] > > Description=OpenSSH Per-Connection Daemon > > +Wants=sshdgenkeys.service > > After=sshdgenkeys.service > > > > [Service] > > diff --git > a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > > index fd81793d51..52617ec275 100644 > > --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > > +++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > > @@ -7,3 +7,8 @@ ExecStart=@LIBEXECDIR@/sshd_check_keys > > Type=oneshot > > RemainAfterExit=yes > > Nice=10 > > + > > +[Install] > > +# Start key generation no later than multi-user mode so that we can > hopefully > > +# have it generated before the first SSH connection > > +WantedBy=multi-user.target > > This looks better than what we have. Please do something similar for > dropbearkey.service as well. > I also wonder if we need After anchor but I would not worry too much about > it. >
Yes, it may need After=multi-user.target, otherwise it might start earlier than you want > > -- > > 2.28.0 > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142712): https://lists.openembedded.org/g/openembedded-core/message/142712 Mute This Topic: https://lists.openembedded.org/mt/77004223/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
