Simone Azzalin wrote:
> I have noticed that during the first minutes after boot, the
> libssh2_session_handshake execution remains stuck blocking the
> execution of the program.
Is that an embedded system, without a strong entropy source?
> Is this a known issue ? Do you have any possible suggestion to
> determine the cause of it ?
The session handshake includes among other things a key exchange,
which requires random numbers.
When the system has little entropy, such as after boot when not much
has happened, then when the crypto library that libssh2 uses (so not
libssh2 itself) reads /dev/random that read will hard block until
more entropy becomes available.
One ideal solution would be a dedicated hardware entropy source.
The most basic workaround is to save a /dev/random seed across reboots
by saving the /dev/random contents to a file when shutting down and
writing it back to /dev/random on boot.
If you neglect this issue and choose not to implement any solution to
the lack of entropy problem then your /dev/random becomes predictable
across boots, rendering any asymmetric encryption on the system useless;
allowing MITM attacks and perhaps even worse extraction of the SSH
authentication credentials.
//Peter
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2021-06-22