httpd-users mailing list archives

From Christopher Schultz
Subject Re: [users@httpd] HTTPD asking for password after power failure
Date Fri, 12 Aug 2016 19:31:54 GMT


On 8/11/16 11:10 PM, Marat Khalili wrote:
> From what I saw, this behavior of /dev/random is totally normal on
> an idle Linux system.

There seems to be some confusion about /dev/random on Linux systems.
Yes, the behavior described here is normal: when the system comes up,
there is very little entropy available on /dev/random. /dev/random
needs random events to occur in order to provide that entropy, and
those events are things like I/O interrupt timings, etc.

IIRC, Linux relies on the keyboard to generate lots of those events
and, on a server, the keyboard by definition doesn't get used. So
other events are required to fill that entropy pool. So, after a
reboot, the entropy pool is "shallow".

/dev/random is supposed to be a source of high-quality randomness
/dev/urandom is supposed to be a source of low-quality randomness

> Just do not ever use /dev/random.

The choice of which to use is up to you, but remember that low-quality
randomness gets you low-quality crypto keys. But to say that one
should "not ever use /dev/random" is really bad advice.

-chris


> --
> With Best Regards, Marat Khalili
> On July 30, 2016 6:04:42 AM GMT+03:00, Nick Williams wrote:
> It took me a while to get back to this (it’s not a
> mission-critical server, but I have hit a point where I really do
> need to get it working again).
> `apachectl restart` hung for many, many minutes without any input, 
> and I eventually quit it. I ran it again with `strace -Ff
> apachectl restart`. Towards the end it had read all of the vhost
> config files and opened up the request and error logs configured in
> them, and it read the media types config file:
> [pid 22537] read(35, "# This file maps Internet media "..., 4096) = 4096
> But after that is where things got weird:
> [pid 22537] mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f73aff27000
> [pid 22537] open("/dev/random", O_RDONLY|O_CLOEXEC) = 35
> [pid 22537] read(35, " p$\242\33\241", 1024) = 6
> [pid 22537] read(35, "\205\31\345\274A\336", 1018) = 6
> [pid 22537] read(35, "\335\16\7\370\343\311", 1012) = 6
> [pid 22537] read(35, "\265\362\20}F\234", 1006) = 6
> [pid 22537] read(35, "\223}\\\0+\242", 1000) = 6
> [pid 22537] read(35,
> Each `read` line there took about a full minute. It’s spending 
> FOREVER reading from /dev/random. That led me to try to read from 
> /dev/random, and it is only generating a byte every few seconds. I 
> don’t know why, but /dev/random appears to be borked on this
> machine.
> I changed ssl-global.conf to use /dev/urandom instead of 
> /dev/random, and it started right up in a matter of seconds.
> I know this is now off-topic, but does anyone know why /dev/random 
> would suddenly be gathering almost no entropy? I have never had
> this problem on this system before.
> Thanks,
> Nick
>> On Jul 16, 2016, at 9:56 PM, Frank Gingras wrote:
>> Try to use apachectl restart instead to bypass your init
>> scripts. The latter are likely to hide actual errors that would
>> appear on STDERR.
>> If apachectl restart still gives you that error, perhaps your 
>> distro mangled it as well. Then, I would use strace with httpd
>> -X to get the complete picture.
>> On Sat, Jul 16, 2016 at 6:47 AM, Nicholas Williams wrote:
>> I have a server running OpenSUSE 42.1 with stock Apache HTTPD 2
>> installed from the package manager. It has been running without
>> issue for well over a year. We've restarted the service and the
>> server since then without issue. The service always starts on
>> its own when the server boots.
>> Last night we had a power failure. The server came up fine. All 
>> services, including MySQL, started fine. No obvious issues appear
>> anywhere. But HTTPD didn't start automatically. So I logged in to
>> the server to investigate and try to start it.
>> `service apache2 status` said FAILED with no details. 
>> `/var/log/apache2/error_log` showed nothing since the day before
>> the power failure.
>> `service apache2 start` hung for about 2 minutes, and then said
>> FAILED with no details. `/var/log/apache2/error_log` still showed
>> nothing since the day before the power failure. There was nothing
>> in the system log since my log-in to the server.
>> So I tried `strace -Ff service apache2 start`. The only thing I
>> see suspicious is it calls open on 
>> `/run/systemd/ask-password-block`. It appears it times out after
>> never receiving a password. But I have no idea why it would do
>> that. None of my SSL certificates have passphrases, and I've
>> always been able to start HTTPD without a password.
>> I'm at a loss here. Any suggestions?
>> Thanks,
>> Nick 
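Added example, not part of the original thread: a small Python parser for `strace` output of the kind quoted above, which tracks which path each file descriptor refers to and reports short reads on `/dev/random`. The sample trace is constructed to match the shape of the quoted lines (the `/etc/mime.types` path and the `close` call are assumptions), and keying descriptors by (pid, fd) is a simplification that ignores descriptors inherited across `fork`.

```python
import re

# Constructed sample in the shape of the strace output quoted in the thread.
# The mime.types path and the close() line are assumptions for illustration.
SAMPLE = r'''
[pid 22537] open("/etc/mime.types", O_RDONLY|O_CLOEXEC) = 35
[pid 22537] read(35, "# This file maps Internet media "..., 4096) = 4096
[pid 22537] close(35) = 0
[pid 22537] open("/dev/random", O_RDONLY|O_CLOEXEC) = 35
[pid 22537] read(35, " p$\242\33\241", 1024) = 6
[pid 22537] read(35, "\205\31\345\274A\336", 1018) = 6
[pid 22537] read(35, "\335\16\7\370\343\311", 1012) = 6
[pid 22537] read(35,
'''

PID = r'^(?:\[pid\s+(\d+)\]\s+)?'
OPEN = re.compile(PID + r'open(?:at)?\((?:AT_FDCWD, )?"([^"]+)".*\)\s+=\s+(\d+)')
READ = re.compile(PID + r'read\((\d+), .*, (\d+)\)\s+=\s+(\d+)')
CLOSE = re.compile(PID + r'close\((\d+)\)\s+=\s+0')

def random_read_stalls(trace, device="/dev/random"):
    """Summarise read() calls on `device`, keyed by (pid, fd).

    A read that returns fewer bytes than requested is counted as "short";
    a long run of short reads is the blocking pattern described in the thread.
    """
    fds = {}    # (pid, fd) -> path currently open on that descriptor
    stats = {}  # (pid, fd) -> counters for reads on `device`
    for line in trace.splitlines():
        line = line.strip()
        if m := OPEN.match(line):        # failed opens (= -1) do not match
            fds[(m[1], m[3])] = m[2]
        elif m := CLOSE.match(line):     # descriptor numbers get reused
            fds.pop((m[1], m[2]), None)
        elif m := READ.match(line):      # truncated lines do not match
            key = (m[1], m[2])
            if fds.get(key) != device:
                continue
            asked, got = int(m[3]), int(m[4])
            s = stats.setdefault(
                key, {"calls": 0, "short": 0, "got": 0, "first_request": asked})
            s["calls"] += 1
            s["got"] += got
            s["short"] += got < asked
    return stats

if __name__ == "__main__":
    for (pid, fd), s in random_read_stalls(SAMPLE).items():
        left = s["first_request"] - s["got"]
        print(f"pid {pid} fd {fd}: {s['short']}/{s['calls']} short reads, {left} bytes still wanted")
```

Running `strace` with `-T` or `-r` adds per-call timing, which this parser does not read but which would confirm how long each short read waited.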

