Description of problem:
This happens on a CentOS 8 LXC container running on a CentOS 7 Host (or anything with a Kernel < 3.17).
OpenSSH fails to start due to a failing SYSCALL to not implemented function "getrandom".
Normally it should fallback to /dev/urandom, at least I presume that's why OpenSSL has no issues.
Rebuilding OpenSSH in this environment it doesn't throw this error.
I suspect it's the compiled-in (or not) OpenSSL support.
Version-Release number of selected component (if applicable):
openssh.x86_64 8.0p1-4.el8_1 @BaseOS
openssh-clients.x86_64 8.0p1-4.el8_1 @BaseOS
openssh-server.x86_64 8.0p1-4.el8_1 @BaseOS
Steps to Reproduce:
1. Set up a CentOS 8 LXC container on a host with Kernel < 3.17 (for instance CentOS 7)
2. Start OpenSSH in container
Mar 10 10:06:18 devel-el8-test systemd: Starting OpenSSH server daemon...
Mar 10 10:06:18 devel-el8-test sshd: Failed to seed from getrandom: Function not implemented
Mar 10 10:06:18 devel-el8-test systemd: sshd.service: Main process exited, code=exited, status=255/n/a
Mar 10 10:06:18 devel-el8-test systemd: sshd.service: Failed with result 'exit-code'.
Mar 10 10:06:18 devel-el8-test systemd: Failed to start OpenSSH server daemon.
sshd up and running (using fallback for seeding, like openssl (presumably) does)
I know CentOS 8 is shipped with Kernel 4.18, where this isn't an issue, but running on shared components is common (for example Docker).
Just found the attached issue regarding CentOS 8 Docker container, didn't found much otherwise, besides the whole "/dev/random" story around the Kernel.
Thank you for any assistance :)
Nevermind, the Kernel in use was much too old, runs fine after updating CentOS 7.
The getrandom syscal was backported to CentOS 7 Kernel 3.10.0-544 (see bugzilla #1330000).
Issue can be closed.
Thank you for figuring out the issue and coming back. But lets keep this one open and fix it in the next release, as there was never intention to depend on the getrandom syscall.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (openssh bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.