2

I'm planning to set up periodic checks for system health on a multiple remote systems. To achieve this I've set up key-based authentication to execute scripts on remote side without interaction

i.e.:

ssh -i /path/to/id_rsa -o "StrictHostKeyChecking=no" user@remote "/path/to/script.sh"

A colleague has expressed concern regarding using SSH due to draining entropy too fast. The plan is to issue between 15 to 25 checks as the one above for every 1-2 minutes. The remote systems are mostly virtualized on a KVM host. Will this method be safe? For understanding; how is entropy used in a SSH session?

parkamark
  • 1,118
  • 6
  • 11
ToastStudios
  • 23
  • 4

1 Answers1

3

"Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method." ~John von Neumann

Randomness is harder to achieve than one might think; in fact, even defining randomness is difficult (or picking the right definition for a given situation). For example, "random" numbers that are perfectly good for statistical modeling might be terrible for cryptography. Each of these applications requires certain properties of its random input, such as an even distribution. Cryptography, in particular, demands unpredictability so an attacker reading our data can't guess our keys. True randomness -- in the sense of complete unpredictability -- can't be produced by a computer program. Any sequence of bits produced as the output of a program eventually repeats itself.

For true randomness, you have to turn to physical processes, such as fluid turbulence or the quantum dice of radioactive decay. Even there, you must take great care that measurement artifacts don't introduce unwanted structure.

  • So far, your colleague is right.

SSH implementations make use of randomness (=entropy in this case), but the process is completely invisible to the user.

Here's what happens under the hood

SSH1 and SSH2 use a kernel-based randomness source if it is available, along with their own sampling of (one hopes) fluctuating system parameters, gleaned by running different processes. It uses these sources to seed its PRNG, as well as to "stir in" more randomness every once in a while. Since it is expensive to gather randomness this way, SSH stores its pool of random bits in a file between invocations of the program (/etc/ssh2/random_seed). This file is protected and used during key generation, not after the keys are exchanged, not within a connection.

To make it short: The entropy of such a connection key-pair is system based not connection based (or even command based).

  • Knowing this, its clear that concerns regarding SSH "draining entropy" are nonsense.
bjoster
  • 4,423
  • 5
  • 22
  • 32