As a result of a bug in newer Linux Kernel versions (4.16 and newer), your Debian 10-VPS might restart slowly after a reboot command.
In this article, we explain the bug and what you can do as a workaround to solve the problem.
The bug
To understand the bug, it is important to have an idea of how Linux deals with random characters. Are you familiar with this? Then skip ahead to the explanation about the bug.
Random Number Generator (RNG)
Computer systems require completely random / randomly generated characters for use in cryptography (techniques for securing / encrypting information) and other things that require random data. For this purpose, a Random Number Generator is used that uses algorithms to generate random characters (not just numbers).
As soon as you talk about secure / encrypted information in Linux, an RNG component is quickly involved. An example of this is OpenSSL: an RNG is used to generate keys and session keys.
Random seed
The random seed indicates the starting point from which a computer generates a random series of numbers. To generate random data, an RNG uses an algorithm, in which the random seed is one of the values in the calculation.
There is disagreement about the actual cause of this bug and what exactly causes it (and which party must resolve it).
In all cases, it seems that the SSH server needs a certain amount of entropy (from the RNG) before it can start, but at the moment the SSH server is started that point has not yet been reached. This causes the SSH server to fail to start until CRNG is started and the 'random: crng init done' status is given.
Under normal circumstances, when your VPS is restarted, the random seed of that moment is saved and is available again at the start of your OS. It seems that this may not be done entirely correctly, or at a late time, which causes the CRNG to need more time to start.
Several people have already reported this bug since kernel version 4.16 (for example, see this page or this page), but at the moment (kernel 4.19) it has unfortunately not been resolved yet.
- A similar error message such as 'delay during boot - waiting for resume device - message: + random: crng init' can also occur with distros other than Debian 10. In principle, the same applies to these distros as for Debian 10.
- There are also reports from people who indicate that other services such as Nginx can also be affected.
The solution / workaround
As a temporary solution, you can use a different RNG than CRNG. For this, we recommend haveged instead of rng-tools because the support of the latter depends on the underlying hardware and the former also addresses the problem but uses a software solution.
Step 1
Connect to your VPS via SSH or use the VPS console.
Step 2
Install Haveged with the command:
apt -y install havegedHaveged is enabled by default and will start automatically after a restart of your VPS. To test the operation, you can do a restart now and then check with journalctl -xe -u ssh that your SSH server is now starting correctly.
Can you use Virtio RNG?
Virtio RNG is a device that is offered as a hardware RNG device to a VPS. This means that, in principle, it is faster than CRNG or Haveged.
However, we cannot just enable VirtIO RNG on our VPS platform without problems, because this influences the automatic migrations of VPSs, which as a result becomes considerably more complex. Without the necessary changes to our systems, they might not work at all.
We do intend to offer Virtio RNG in the future but cannot yet give a date when this will happen.
Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.