Subject: Re: libssh2_session_handshake remains stuck

Re: libssh2_session_handshake remains stuck

From: Simone Azzalin <sazzalin_at_dares.tech>
Date: Tue, 22 Jun 2021 17:36:50 +0200

Hello Peter,

Thank for your useful information. Yes this is an embedded system.
I will try the solution that you suggest as soon as possible and give
you a feedback.

Simon

On 6/22/21 4:24 PM, Peter Stuge wrote:
> Simone Azzalin wrote:
>> I have noticed that during the first minutes after boot, the
>> libssh2_session_handshake execution remains stuck blocking the
>> execution of the program.
> Is that an embedded system, without a strong entropy source?
>
>
>> Is this a known issue ? Do you have any possible suggestion to
>> determine the cause of it ?
> The session handshake includes among other things a key exchange,
> which requires random numbers.
>
> When the system has little entropy, such as after boot when not much
> has happened, then when the crypto library that libssh2 uses (so not
> libssh2 itself) reads /dev/random that read will hard block until
> more entropy becomes available.
>
> One ideal solution would be a dedicated hardware entropy source.
>
> The most basic workaround is to save a /dev/random seed across reboots
> by saving the /dev/random contents to a file when shutting down and
> writing it back to /dev/random on boot.
>
>
> If you neglect this issue and choose not to implement any solution to
> the lack of entropy problem then your /dev/random becomes predictable
> across boots, rendering any asymmetric encryption on the system useless;
> allowing MITM attacks and perhaps even worse extraction of the SSH
> authentication credentials.
>
>
> //Peter
> _______________________________________________
> libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel 

-- 
*Simone Azzalin*
*Embedded Systems Engineer | DARES TECHNOLOGY*
Esteve Terrades, 1 | Edificio RDIT, Parc UPC – PMT | E – 08860 
Castelldefels, Barcelona
+34 93 514 1652 | sazzalin_at_dares.tech <mailto:sazzalin_at_dares.tech> | 
www.dares.tech <http://www.dares.tech/> | Legal notice 
<http://dares.tech/legal-notice/>

_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2021-06-22