[Info-vax] SSH/SCP sessions hanging for 7 minutes while reading from "/dev/random"

Dave Froble davef at tsoft-inc.com
Wed Sep 29 22:36:58 EDT 2021 

On 9/29/2021 6:31 PM, sphowes wrote:
> I am hoping someone may be able to help resolve an issue while opening an SSH or SCP session on an OpenVMS 7.3-2 cluster.
>
> When a session is initiated to or from the server, the connection will hang for ~7 minutes before finally opening the connection and asking for a password.
>
> While running an 'ssh -D 99' I can see that all of the delay time is being spent while trying to read from "/dev/random".  Each iteration of "Starting read from /dev/random" is taking a minute to timeout and then returning with "Opening /dev/random failed" and then it tries again for a total of 7 total tries.
>
> At the end of this section the SSH/SCP connection opens fine.
>
> Does anyone know what it is actually trying to open when it references "/dev/random"?   Is there any way to make a configuration change to work around this?   Or limit the number of times it loops the read or reduce the 60 sec read timeout?
>
> This is the SSH debug output that took ~7 minutes to complete:
> debug: GenRand/GENRAND.C:429: Starting to collect noise.
> debug: GenRand/GENRAND.C:270: Starting read from /dev/random.
> debug: GenRand/GENRAND.C:292: Opening /dev/random failed.
> debug: GenRand/GENRAND.C:424: Already acquiring noise.
> debug: GenRand/GENRAND.C:429: Starting to collect noise.
> debug: GenRand/GENRAND.C:270: Starting read from /dev/random.
> debug: GenRand/GENRAND.C:292: Opening /dev/random failed.
> debug: GenRand/GENRAND.C:424: Already acquiring noise.
> debug: GenRand/GENRAND.C:429: Starting to collect noise.
> debug: GenRand/GENRAND.C:270: Starting read from /dev/random.
> debug: GenRand/GENRAND.C:292: Opening /dev/random failed.
> debug: GenRand/GENRAND.C:424: Already acquiring noise.
> debug: GenRand/GENRAND.C:429: Starting to collect noise.
> debug: GenRand/GENRAND.C:270: Starting read from /dev/random.
> debug: GenRand/GENRAND.C:292: Opening /dev/random failed.
> debug: GenRand/GENRAND.C:424: Already acquiring noise.
> debug: GenRand/GENRAND.C:429: Starting to collect noise.
> debug: GenRand/GENRAND.C:270: Starting read from /dev/random.
> debug: GenRand/GENRAND.C:292: Opening /dev/random failed.
> debug: GenRand/GENRAND.C:424: Already acquiring noise.
> debug: GenRand/GENRAND.C:429: Starting to collect noise.
> debug: GenRand/GENRAND.C:270: Starting read from /dev/random.
> debug: GenRand/GENRAND.C:292: Opening /dev/random failed.
> debug: GenRand/GENRAND.C:424: Already acquiring noise.
> debug: GenRand/GENRAND.C:429: Starting to collect noise.
> debug: GenRand/GENRAND.C:270: Starting read from /dev/random.
> debug: GenRand/GENRAND.C:292: Opening /dev/random failed.
> debug: GenRand/GENRAND.C:424: Already acquiring noise.
>
> Thank you in advance for any insight you can provide.
>
> -Seth
>

Just guessing.  Perhaps the connection attempts the highest level of 
encryption first, then times out, then tries the next, until some level 
works.

Or something similar.

-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list