Comments (5)

tinco commented on May 30, 2024

I've tested this by running ssh-keygen in a loop; on a modern system this never takes over 200 milliseconds. I think the 'tens of seconds' remark in the documentation is regarding either slow systems or older kernels where it was harder to get entropy.

from baseimage-docker.

kingdonb commented on May 30, 2024

Did you do your testing on a headless machine? Being able to gather entropy from a mouse and keyboard is obviously going to make this faster. Hardware PRNGs are going to make it faster.

In repeated testing I showed times between <100ms and >1100ms. Not tens of seconds by any means. Also I am pretty sure that this would only need to be done once per container, even if the service was started on demand... maybe if you were starting containers on demand this would be a big deal. What's this about regenerating the key every time? Won't you get bountiful warnings from your ssh client about unrecognized keys if you tried to do that?

If I generate both rsa and dsa format keys, I am still not seeing any results with those tens of seconds. Never more than one and a half seconds. This is on an (older?) x86 machine I use for most of my docker'ing.

Just curious why you wouldn't want ssh to be resident if it's listening. Does an idle sshd process listening on 22 consume lots of memory? On my system it doesn't seem to. Are you seeing any gains when you use the ipsvd? Where?

tinco commented on May 30, 2024

I don't see the point either, just trying to clear up an old issue.

What command did you use to generate the server key? I couldn't get it to go slow (> 200ms), even on my server, but my server is a VPS on a big Xeon machine so perhaps it's fast too.

kingdonb commented on May 30, 2024

for i in `seq 1 37`; do
  time (ssh-keygen -t rsa -f foo -P foofoofoo>/dev/null
    rm foo foo.pub; ssh-keygen -t dsa -f foo -P foofoofoo>/dev/null
    rm foo foo.pub
  )
done 2>&1 |grep real|sort

37 being the height of my terminal in rows and about as many results as I can display on one screen; a more rigorous test would do max/min/avg/med but I was aiming for just good enough to gauge ballpark numbers.

Yeah, I have no stake in this issue myself, no position either, just trying to be generally helpful.

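Added example, not part of the thread or of baseimage-docker: a version of the timing loop above that reports the min/max/avg/median mentioned there. The function names are hypothetical; it assumes GNU `date` (for `%N`) and OpenSSH `ssh-keygen`, and times `ed25519` in place of `dsa` because recent OpenSSH releases no longer support DSA keys.

```shell
#!/bin/sh
# Added example: summarize ssh-keygen key generation times.
# Assumptions: GNU date (%N nanoseconds), OpenSSH ssh-keygen on PATH.

# summarize: read one duration in milliseconds per line on stdin and
# print "n=<count> min=<ms> max=<ms> avg=<ms> med=<ms>".
summarize() {
  sort -n | awk '
    { v[NR] = $1; sum += $1 }
    END {
      if (NR == 0) { print "n=0"; exit }
      med = (NR % 2) ? v[(NR + 1) / 2] : (v[NR / 2] + v[NR / 2 + 1]) / 2
      printf "n=%d min=%d max=%d avg=%.1f med=%.1f\n", NR, v[1], v[NR], sum / NR, med
    }'
}

# time_keygen TYPE RUNS: generate RUNS throwaway keys of TYPE in a temp
# directory and print each wall-clock duration in milliseconds.
time_keygen() {
  ktype=$1
  runs=$2
  dir=$(mktemp -d) || return 1
  i=0
  while [ "$i" -lt "$runs" ]; do
    start=$(date +%s%N)
    # -N '' gives an unencrypted key, as sshd host keys are
    ssh-keygen -q -t "$ktype" -N '' -f "$dir/key" </dev/null >/dev/null \
      || { rm -rf "$dir"; return 1; }
    end=$(date +%s%N)
    echo $(( (end - start) / 1000000 ))
    rm -f "$dir/key" "$dir/key.pub"
    i=$((i + 1))
  done
  rm -rf "$dir"
}

# Run with: sh keygen-timing.sh --run [RUNS]   (file name is a placeholder)
if [ "${1:-}" = "--run" ]; then
  # Linux-only: show the kernel's entropy estimate before the runs
  [ -r /proc/sys/kernel/random/entropy_avail ] &&
    echo "entropy_avail: $(cat /proc/sys/kernel/random/entropy_avail)"
  for t in rsa ed25519; do
    printf '%s: ' "$t"
    time_keygen "$t" "${2:-37}" | summarize
  done
fi
```
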
FooBarWidget commented on May 30, 2024

Now that SSH is disabled by default, I do not think this is useful.