Simone Azzalin wrote:
> I have noticed that during the first minutes after boot, the
> libssh2_session_handshake execution remains stuck blocking the
> execution of the program.

Is that an embedded system, without a strong entropy source?

> Is this a known issue ? Do you have any possible suggestion to
> determine the cause of it ?

The session handshake includes among other things a key exchange,
which requires random numbers.

When the system has little entropy, such as after boot when not much
has happened, then when the crypto library that libssh2 uses (so not
libssh2 itself) reads /dev/random that read will hard block until more
entropy becomes available.

One ideal solution would be a dedicated hardware entropy source.

The most basic workaround is to save a /dev/random seed across reboots
by saving the /dev/random contents to a file when shutting down and
writing it back to /dev/random on boot.

If you neglect this issue and choose not to implement any solution to
the lack-of-entropy problem then your /dev/random becomes predictable
across boots, rendering any asymmetric encryption on the system
useless, allowing MITM attacks and, perhaps even worse, extraction of
the SSH authentication credentials.

//Peter
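
The seed-saving workaround described in the reply above, as an added example that is not part of the original message or of libssh2: a minimal boot/shutdown script. The seed path, the start/stop arguments and reading the new seed from /dev/urandom (as the random(4) man page example does, so shutdown cannot block) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. All paths are assumptions.
SEED_FILE="${SEED_FILE:-/var/lib/random-seed}"  # assumed seed location
POOL_DEV="${POOL_DEV:-/dev/random}"             # device the seed is written back to
SEED_SRC="${SEED_SRC:-/dev/urandom}"            # non-blocking source for the new seed
SEED_BYTES=512

# Shutdown: store SEED_BYTES of kernel randomness, atomically and mode 0600.
# A world-readable seed would let a local user predict the next boot's pool.
save_seed() {
    (
        umask 077
        tmp="$SEED_FILE.tmp.$$"
        if dd if="$SEED_SRC" of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null &&
           [ "$(wc -c < "$tmp")" -eq "$SEED_BYTES" ]; then
            mv -f "$tmp" "$SEED_FILE"
        else
            rm -f "$tmp"
            exit 1
        fi
    )
}

# Boot: mix the saved seed into the pool, then replace it at once so a crash
# or power loss never replays the same seed on the following boot.
# Note: a plain write mixes the bytes in but does not credit entropy; crediting
# requires the RNDADDENTROPY ioctl, so a blocking read may still wait.
restore_seed() {
    [ -f "$SEED_FILE" ] && [ ! -L "$SEED_FILE" ] && [ -s "$SEED_FILE" ] || return 1
    cat "$SEED_FILE" > "$POOL_DEV" || return 1
    save_seed
}

# Hypothetical init-script entry points: "start" at boot, "stop" at shutdown.
case "${1:-}" in
    start) restore_seed ;;
    stop)  save_seed ;;
esac
```

Run the start action as early in boot as the seed file's filesystem is writable, before any service that performs a key exchange.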