Description of problem:
This happens on a CentOS 8 LXC container running on a CentOS 7 Host (or anything with a Kernel < 3.17).
OpenSSH fails to start due to a failing SYSCALL to the unimplemented function "getrandom".
Normally it should fall back to /dev/urandom; at least I presume that's why OpenSSL has no issues.
When OpenSSH is rebuilt in this environment, it doesn't throw this error.
I suspect it's the compiled-in (or not) OpenSSL support.
Version-Release number of selected component (if applicable):
openssh.x86_64 8.0p1-4.el8_1 @BaseOS
openssh-clients.x86_64 8.0p1-4.el8_1 @BaseOS
openssh-server.x86_64 8.0p1-4.el8_1 @BaseOS
How reproducible:
Always
Steps to Reproduce:
1. Set up a CentOS 8 LXC container on a host with Kernel < 3.17 (for instance CentOS 7)
2. Start OpenSSH in container
Actual results:
Mar 10 10:06:18 devel-el8-test systemd[1]: Starting OpenSSH server daemon...
Mar 10 10:06:18 devel-el8-test sshd[196]: Failed to seed from getrandom: Function not implemented
Mar 10 10:06:18 devel-el8-test systemd[1]: sshd.service: Main process exited, code=exited, status=255/n/a
Mar 10 10:06:18 devel-el8-test systemd[1]: sshd.service: Failed with result 'exit-code'.
Mar 10 10:06:18 devel-el8-test systemd[1]: Failed to start OpenSSH server daemon.
Expected results:
sshd up and running (using fallback for seeding, like openssl (presumably) does)
Additional info:
I know CentOS 8 is shipped with Kernel 4.18, where this isn't an issue, but running on shared components is common (for example Docker).
Just found the attached issue regarding a CentOS 8 Docker container, didn't find much otherwise, besides the whole "/dev/random" story around the Kernel.
Thank you for any assistance :)
Never mind, the Kernel in use was much too old, runs fine after updating CentOS 7.
The getrandom syscall was backported to CentOS 7 Kernel 3.10.0-544 (see bugzilla #1330000).
Issue can be closed.
Thank you for figuring out the issue and coming back. But let's keep this one open and fix it in the next release, as there was never any intention to depend on the getrandom syscall.
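The fallback discussed above, as an added example that is not part of the original bug thread and is not OpenSSH's or OpenSSL's code: try getrandom first and read /dev/urandom only when the call fails with ENOSYS ("Function not implemented"), failing closed on any other error. The `getrandom_fn` hook and the two stub functions are hypothetical, constructed here to simulate a kernel without the syscall.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>
#include <unistd.h>

enum { SRC_FAIL = -1, SRC_GETRANDOM = 1, SRC_URANDOM = 2 };
typedef ssize_t (*getrandom_fn)(void *buf, size_t len); /* hypothetical test hook */

/* Real source: libc wrapper, returns -1/ENOSYS on kernels without the syscall. */
ssize_t real_getrandom(void *buf, size_t len) { return getrandom(buf, len, 0); }
/* Constructed stand-ins: a kernel lacking getrandom, and an unrelated hard failure. */
ssize_t enosys_getrandom(void *b, size_t n) { (void)b; (void)n; errno = ENOSYS; return -1; }
ssize_t eio_getrandom(void *b, size_t n) { (void)b; (void)n; errno = EIO; return -1; }

/* Fill buf with len random bytes; return which source supplied them. */
int fill_random(unsigned char *buf, size_t len, getrandom_fn gr) {
    size_t off = 0;
    int err = 0;
    while (off < len) {
        ssize_t n = gr(buf + off, len - off);
        if (n > 0) off += (size_t)n;               /* short reads are legal */
        else if (n < 0 && errno == EINTR) continue;
        else { err = n < 0 ? errno : EIO; break; }
    }
    if (off == len) return SRC_GETRANDOM;
    if (err != ENOSYS) return SRC_FAIL;            /* only "not implemented" falls back */
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return SRC_FAIL;
    for (off = 0; off < len;) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n > 0) off += (size_t)n;
        else if (n < 0 && errno == EINTR) continue;
        else break;
    }
    close(fd);
    return off == len ? SRC_URANDOM : SRC_FAIL;    /* fail closed, never use a partial seed */
}

int main(void) {
    unsigned char seed[48];
    printf("real kernel path -> source %d\n", fill_random(seed, sizeof seed, real_getrandom));
    printf("simulated ENOSYS -> source %d\n", fill_random(seed, sizeof seed, enosys_getrandom));
    return 0;
}
```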
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory (openssh bug fix and enhancement update), and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2020:4439