
Why SSH Login Stalls on New UCloud Hosts: Entropy Delays and Kernel Bugs

A user reported an extremely slow first SSH login on a UCloud "High-Kernel Ubuntu 18.04" instance. The delay was traced to slow entropy-pool initialization in the Linux kernel, a libssl 1.1.1 bug, and a kernel configuration issue; the fix was to disable MOTD or enable CONFIG_RANDOM_TRUST_CPU.

Programmer DD

1. Initial Investigation

A user experienced very slow first SSH login after creating a FastJet cloud host using the "High‑Kernel Ubuntu 18.04" image. The delay could last dozens of seconds or minutes.

Running ssh -v showed the client hanging after "debug1: pledge: network" while authentication had already succeeded, indicating the problem occurred after PAM processing in /etc/pam.d/sshd.

Disabling the motd line in the PAM configuration and restarting the host eliminated the delay.

Further analysis revealed that the motd mechanism runs scripts in /etc/update-motd.d/. The script 50-landscape-sysinfo invoked /usr/bin/landscape-sysinfo, which caused the stall.

Running strace on landscape-sysinfo showed that it blocked in the getrandom system call until /dev/urandom was fully initialized (around 23:10:48).

2. Deep Investigation

Comparing hosts showed that the problematic host used a newer version of landscape-sysinfo that called getrandom with blocking flags, while a working host used an older version that did not.

Upgrading the working host reproduced the issue, confirming the version change as the cause.

Further testing identified that the libssl1.1 package upgrade to 1.1.1 introduced the blocking getrandom call, affecting any process that relied on libssl for random numbers (e.g., nginx with HTTPS).

Investigation of kernel logs indicated a known kernel bug (CVE-2018-1108) where getrandom could remain blocking after fast initialization. The bug was present in kernels 4.17–4.19 without the CONFIG_RANDOM_TRUST_CPU option enabled.

Enabling CONFIG_RANDOM_TRUST_CPU (which uses the CPU's RDRAND instruction to seed the entropy pool) or disabling the offending MOTD script resolved the delay.

3. Summary

The SSH login stall occurs when the following conditions are met:

- Linux kernel version 4.17 or newer.
- CONFIG_RANDOM_TRUST_CPU is not set (or the CPU lacks RDRAND support).
- The kernel bug affecting getrandom has not been reverted.
- libssl version 1.1.1 or newer is used.

Impact extends beyond SSH; any process using libssl for random numbers may block for several minutes after reboot, affecting services like HTTPS.

Fixes include enabling CONFIG_RANDOM_TRUST_CPU when building kernels 4.19+, disabling the MOTD script, or avoiding kernel versions 4.17–4.19 with the bug.

UCloud released updated images with the kernel option enabled and advises custom kernel users to avoid the vulnerable range or apply the relevant CVE patches.
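
The conditions listed in the summary can be checked on a host before it goes into service. The following is an added example, not code from the original article: the function names are hypothetical and the sample strings are constructed. It probes getrandom without blocking and evaluates the kernel, config, CPU and libssl conditions from text inputs.

```python
import os
import re

def crng_ready():
    """True if getrandom() returns at once, False if it would block
    (pool not yet initialized), None if the call is unavailable here."""
    if not hasattr(os, "getrandom"):
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)  # never sleeps; fails with EAGAIN instead
        return True
    except BlockingIOError:
        return False
    except OSError:
        return None

def kernel_at_least(release, floor=(4, 17)):
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= floor

def trust_cpu_enabled(config_text):
    return re.search(r"^CONFIG_RANDOM_TRUST_CPU=y$", config_text, re.M) is not None

def cpu_has_rdrand(cpuinfo_text):
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags") and ":" in line:
            return "rdrand" in line.split(":", 1)[1].split()
    return False

def libssl_at_least_111(version):
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return nums >= (1, 1, 1)

def stall_conditions(release, config_text, cpuinfo_text, libssl_version):
    """Return (all_hold, per-condition dict). Whether the getrandom change
    was reverted in a given kernel build is not detectable from these inputs."""
    seeded_by_cpu = trust_cpu_enabled(config_text) and cpu_has_rdrand(cpuinfo_text)
    checks = {
        "kernel >= 4.17": kernel_at_least(release),
        "no CPU-seeded pool": not seeded_by_cpu,
        "libssl >= 1.1.1": libssl_at_least_111(libssl_version),
    }
    return all(checks.values()), checks

# Constructed sample inputs (not taken from the affected host).
SAMPLE_CONFIG = "CONFIG_ARCH_RANDOM=y\n# CONFIG_RANDOM_TRUST_CPU is not set\n"
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu sse2 aes rdrand hypervisor\n"
SAMPLE_LIBSSL = "1.1.1-1ubuntu2.1~18.04"

if __name__ == "__main__":
    print("getrandom() ready now:", crng_ready())
    print(stall_conditions("4.19.0-3-generic", SAMPLE_CONFIG, SAMPLE_CPUINFO, SAMPLE_LIBSSL))
```

On a real host, feed it the output of uname -r, the kernel config file under /boot, /proc/cpuinfo and the installed libssl1.1 package version, and run crng_ready() early in boot to see whether a blocking caller would stall.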

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
