subject:"\[OE\-core\] \[PATCH 1\/2\] dropbear\/openssh\: Lower priority of key generation"

Re: [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation

2020-09-22 Thread Mike Looijmans



Met vriendelijke groet / kind regards,

Mike Looijmans
System Expert


TOPIC Embedded Products B.V.
Materiaalweg 4, 5681 RJ Best
The Netherlands

T: +31 (0) 499 33 69 69
E: mike.looijm...@topicproducts.com
W: www.topicproducts.com

Please consider the environment before printing this e-mail
On 18-09-2020 19:55, Richard Purdie via lists.openembedded.org wrote:

On Fri, 2020-09-18 at 10:45 -0700, Khem Raj wrote:

On 9/17/20 11:00 PM, Richard Purdie wrote:

Where we have images with PAM+systemd, serial login can be
extremely
slow. The load generated by key generation does slow down the rest
of the boot process.


this is a good find. So I wonder if its because we have entropy
starvation. I see that we do enable virtio-rng while launching qemu
so something to look in this area perhaps.

I did check and the virtio rng is alive and well in the image. Its the
CPU usage of the key generation that partly causes the issue.


Another solution is to just have it create smaller keys. The computation 
time seems to grow exponential with the bit count, a 2048 size key can 
take 10 times longer than a 1024 bit key to generate, and a 4096 may 
take 10x that again.


There's been a move to 4096 sizes keys lately, pushing the CPU use even 
further. Unless you're controlling a nuclear power plant or so, that's a 
bit excessive.


--
Mike Looijmans


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142715): 
https://lists.openembedded.org/g/openembedded-core/message/142715
Mute This Topic: https://lists.openembedded.org/mt/76925740/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation

2020-09-18 Thread Richard Purdie

On Fri, 2020-09-18 at 10:45 -0700, Khem Raj wrote:
> 
> On 9/17/20 11:00 PM, Richard Purdie wrote:
> > Where we have images with PAM+systemd, serial login can be
> > extremely
> > slow. The load generated by key generation does slow down the rest
> > of the boot process.
> > 
> 
> this is a good find. So I wonder if its because we have entropy 
> starvation. I see that we do enable virtio-rng while launching qemu
> so something to look in this area perhaps.

I did check and the virtio rng is alive and well in the image. Its the
CPU usage of the key generation that partly causes the issue.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142664): 
https://lists.openembedded.org/g/openembedded-core/message/142664
Mute This Topic: https://lists.openembedded.org/mt/76925740/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation

2020-09-18 Thread Khem Raj




On 9/17/20 11:00 PM, Richard Purdie wrote:

Where we have images with PAM+systemd, serial login can be extremely
slow. The load generated by key generation does slow down the rest
of the boot process.



this is a good find. So I wonder if its because we have entropy 
starvation. I see that we do enable virtio-rng while launching qemu so 
something to look in this area perhaps.




Lower the priority level of these systemd services, since we'd
prefer to have the rest of the system boot more effectively.

This doesn't "solve" the slow systemd boot issues but does help.

Signed-off-by: Richard Purdie 
---
  meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service | 1 +
  meta/recipes-core/dropbear/dropbear/dropbearkey.service   | 1 +
  2 files changed, 2 insertions(+)

diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service 
b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
index 603c33787f1..fd81793d511 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -6,3 +6,4 @@ RequiresMountsFor=/var /run
  ExecStart=@LIBEXECDIR@/sshd_check_keys
  Type=oneshot
  RemainAfterExit=yes
+Nice=10
diff --git a/meta/recipes-core/dropbear/dropbear/dropbearkey.service 
b/meta/recipes-core/dropbear/dropbear/dropbearkey.service
index c49053d57c7..71a12a6110c 100644
--- a/meta/recipes-core/dropbear/dropbear/dropbearkey.service
+++ b/meta/recipes-core/dropbear/dropbear/dropbearkey.service
@@ -11,3 +11,4 @@ Type=oneshot
  ExecStart=@BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}
  ExecStart=@SBINDIR@/dropbearkey -t rsa -f 
${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key
  RemainAfterExit=yes
+Nice=10






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142663): 
https://lists.openembedded.org/g/openembedded-core/message/142663
Mute This Topic: https://lists.openembedded.org/mt/76925740/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation

2020-09-18 Thread Richard Purdie

Where we have images with PAM+systemd, serial login can be extremely
slow. The load generated by key generation does slow down the rest
of the boot process.

Lower the priority level of these systemd services, since we'd
prefer to have the rest of the system boot more effectively.

This doesn't "solve" the slow systemd boot issues but does help.

Signed-off-by: Richard Purdie 
---
 meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service | 1 +
 meta/recipes-core/dropbear/dropbear/dropbearkey.service   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service 
b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
index 603c33787f1..fd81793d511 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -6,3 +6,4 @@ RequiresMountsFor=/var /run
 ExecStart=@LIBEXECDIR@/sshd_check_keys
 Type=oneshot
 RemainAfterExit=yes
+Nice=10
diff --git a/meta/recipes-core/dropbear/dropbear/dropbearkey.service 
b/meta/recipes-core/dropbear/dropbear/dropbearkey.service
index c49053d57c7..71a12a6110c 100644
--- a/meta/recipes-core/dropbear/dropbear/dropbearkey.service
+++ b/meta/recipes-core/dropbear/dropbear/dropbearkey.service
@@ -11,3 +11,4 @@ Type=oneshot
 ExecStart=@BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}
 ExecStart=@SBINDIR@/dropbearkey -t rsa -f 
${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key
 RemainAfterExit=yes
+Nice=10
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142640): 
https://lists.openembedded.org/g/openembedded-core/message/142640
Mute This Topic: https://lists.openembedded.org/mt/76925740/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation

Re: [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation

Re: [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation

[OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation

4 matches

Site Navigation

Mail list logo

Footer information