*** This bug is a security vulnerability ***

Public security bug reported:

Currently, the entropy pool is seeded by /etc/init.d/urandom. This should be done earlier in the boot process by an upstart job, and should be done before the ssh daemon is started.

Although the ssh keys are generated on package install, openssh uses openssl's PRNG which is seeded on boot for ephemeral keys.

See https://factorable.net/weakkeys12.extended.pdf for more information.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: sysvinit (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1098299

Title:
  entropy pool should be seeded earlier in boot process