[Csync2] generating key takes really long time
Clifford Wolf
clifford at clifford.at
Wed Feb 6 12:00:23 CET 2008
Hi,
On Wed, Feb 06, 2008 at 05:46:21AM -0500, George H wrote:
> I got a weird problem, I have csync2 installed on an IBM Blade server
> runing kernel 2.6.23.
> when I run "csync2 -k /etc/mykey" it just takes forever to complete.
> In fact it never completes, I have to CTRL+C to get out and when I
> cat the file it is half done.
>
> When I do teh same thing on a regular linux pc with the same kernel..
> it generates the key in less than a second. So I try to use that
> generated key from the PC onto my blade.. but I get identification
> errors.
Key generation uses /dev/random to acquire some random bytes. the random
data in /dev/random is generated from the kernel using thing like keyboard
and harddisks interrupts, because they can't be predicted by monitoring the
network traffic. servers, especially those with no harddisks, often have
problems with not having enought truly random events the kernel could use
to generate the key.
Easiest solution: Generate the key on a trustworthy machine where key
generation works fine, then transfer it to the server using a secure
channel (such as scp) and remove the key file on the machine where you
generated it afterwards..
yours,
- clifford
--
Hardware /nm./: the part of the computer that you can kick.
More information about the Csync2
mailing list