A problem with virtual machines is that they have trouble finding entropy. Because they have no real hardware to get entropy from, they tend to have rather low entropy available. You can check with
cat /proc/sys/kernel/random/entropy_avail
A typical virtual machine will be in the low hundreds. If this is the case, you will probably frequently experience unusually long waiting times when logging in with ssh, or even hangs. This is because the system uses entropy for the encryption, so when there is not much available, it might wait for more to be generated.
Fortunately, there is a tweak which will speed things up: rng-tools (props to my fellow Stephan Seitz who explained this to me). It is really meant for gathering entropy from special hardware devices, but can be tweaked to use /dev/urandom. Please note that this will increase the available entropy, but probably not decrease the strength of the encryption. If you are more knowledgeable about this, I would be happy to hear from you.
Here is my setup on an Ubuntu 12.04 server: edit /etc/default/rng-tools so that it contains
RNGDOPTIONS="--rng-device=/dev/urandom --fill-watermark=90% --feed-interval=1"
(only that; the rest should be comments). This tells rng-tools to use /dev/urandom. The problem with this is that the init script will check whether the device is a real hardware device, so we need to edit /etc/init.d/rng-tools as well. Find the following line
START="${START} -- -r ${HRNGDEVICE} ${RNGDOPTIONS}"
and replace it with
START="${START} -- ${RNGDOPTIONS}"
Now restart rng-tools, and you should have much more entropy available:
cat /proc/sys/kernel/random/entropy_avail
3968
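The two file edits above, written as a small shell script that keeps a backup and can be run repeatedly. This is an added example, not part of the original post; the function names and the .orig backup suffix are assumptions.

```shell
#!/bin/sh
# Added example: the function names and the ".orig" suffix are assumptions.
OPTS='RNGDOPTIONS="--rng-device=/dev/urandom --fill-watermark=90% --feed-interval=1"'

# Print "low" if the entropy estimate stored in file $1 is below $2, else "ok".
entropy_status() {
    avail=$(cat "$1") || return 2
    if [ "$avail" -lt "$2" ]; then echo low; else echo ok; fi
}

# Rewrite defaults file $1 so that RNGDOPTIONS is its only active line.
# Every other active line is commented out; the result is always built
# from the backup, so running this twice gives the same file.
set_rngd_options() {
    [ -f "$1.orig" ] || cp -p "$1" "$1.orig"
    sed 's/^[[:space:]]*[^#[:space:]]/#&/' "$1.orig" > "$1.new"
    printf '%s\n' "$OPTS" >> "$1.new"
    cat "$1.new" > "$1" && rm -f "$1.new"   # keeps owner and mode of $1
}

# Drop the "-r ${HRNGDEVICE}" argument from the START line of init script $1.
# Returns 0 if patched (or already patched), 1 if the expected line is missing.
patch_init_script() {
    old='START="${START} -- -r ${HRNGDEVICE} ${RNGDOPTIONS}"'
    new='START="${START} -- ${RNGDOPTIONS}"'
    if grep -qF "$new" "$1"; then return 0; fi
    grep -qF "$old" "$1" || return 1        # different script version: do nothing
    [ -f "$1.orig" ] || cp -p "$1" "$1.orig"
    sed 's/ -r \${HRNGDEVICE} \${RNGDOPTIONS}"/ ${RNGDOPTIONS}"/' "$1.orig" > "$1.new"
    cat "$1.new" > "$1" && rm -f "$1.new"   # keeps the executable bit of $1
}

# Usage, as root, on the paths named in this post:
#   set_rngd_options /etc/default/rng-tools
#   patch_init_script /etc/init.d/rng-tools
#   entropy_status /proc/sys/kernel/random/entropy_avail 1000
```

Because the source device is /dev/urandom, the entropy_avail counter rises without any randomness arriving from outside the kernel. Where the hypervisor offers a hardware or virtio RNG device, pointing rng-tools at that device is what the tool was designed for.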