Have you ever tried to generate an SSL certificate or GPG key and had it pause, waiting for the kernel to gather enough entropy to randomize the output properly? You have probably seen a message such as:
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
Virtual machines tend not to have a lot of entropy, at least not without some help. Entropy in Linux refers to the supply of unpredictable input available to the kernel's random number generator. VirtIO RNG promises to help with this. Until it becomes ubiquitous, you can use rng-tools to gather entropy inside your virtual machine. In fact, rngd is enabled by default since Fedora 18.
Install the rng-tools package using YUM:
sudo yum install rng-tools
Edit the rng-tools configuration file and configure the kernel device used for random number input. We will use the /dev/urandom pseudorandom number generator:
sudo perl -p -i -e 's/EXTRAOPTIONS=""/EXTRAOPTIONS="-r \/dev\/urandom"/' /etc/sysconfig/rngd
sudo chkconfig rngd on
sudo service rngd start
Verify the available kernel entropy (higher is better). Before starting rngd:
cat /proc/sys/kernel/random/entropy_avail
173
After starting rngd:
cat /proc/sys/kernel/random/entropy_avail
4096
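The steps above, gathered into a small script as an added example that is not part of the original post. It goes one step further than the post: before falling back to /dev/urandom it looks for a hardware source, because pointing rngd at /dev/urandom only feeds the kernel's own CSPRNG output back into the pool (it satisfies the entropy accounting, but adds no fresh unpredictability), whereas a virtio-rng device does. Assumptions: the guest is Linux, a virtio-rng device (when present) shows up at the kernel's standard /dev/hwrng path, and the 1024-bit "low" threshold is a value chosen here, not one from the page or from rngd. Each function takes an optional path so it can be exercised against a constructed sample instead of the real /dev, /etc and /proc.

```shell
#!/bin/sh
# Added example (not from the original post). Picks an rngd input device,
# rewrites the EXTRAOPTIONS line of an rngd sysconfig file, and classifies
# the kernel's entropy estimate. Paths are parameters so the functions can be
# tried on a constructed sample tree before touching a real system.

# Prefer a hardware source (virtio-rng is exposed as /dev/hwrng, assumed here);
# fall back to /dev/urandom as the post does.
# $1 (optional): directory to search instead of /dev.
pick_rng_source() {
    devdir="${1:-/dev}"
    if [ -e "$devdir/hwrng" ]; then
        echo "$devdir/hwrng"
    else
        echo "$devdir/urandom"
    fi
}

# Set EXTRAOPTIONS="-r <device>" in an rngd sysconfig file, replacing an
# existing line or appending one. Writes via a temp file rather than sed -i
# so it behaves the same on any POSIX sed. Prints the resulting line.
# $1: device path, $2: config file (e.g. /etc/sysconfig/rngd).
set_rngd_device() {
    dev="$1"; conf="$2"
    if grep -q '^EXTRAOPTIONS=' "$conf"; then
        tmp="$conf.tmp"
        sed "s|^EXTRAOPTIONS=.*|EXTRAOPTIONS=\"-r $dev\"|" "$conf" > "$tmp" && mv "$tmp" "$conf"
    else
        printf 'EXTRAOPTIONS="-r %s"\n' "$dev" >> "$conf"
    fi
    grep '^EXTRAOPTIONS=' "$conf"
}

# Read the kernel's entropy estimate (bits in the pool) and label it.
# 1024 is a threshold chosen for this example, not a kernel or rngd constant.
# $1 (optional): file to read instead of /proc/sys/kernel/random/entropy_avail.
entropy_level() {
    f="${1:-/proc/sys/kernel/random/entropy_avail}"
    n=$(cat "$f")
    if [ "$n" -lt 1024 ]; then
        echo "LOW $n"
    else
        echo "OK $n"
    fi
}

# Demonstration on a constructed sample tree (no real files are touched).
demo() {
    d=$(mktemp -d)
    printf 'EXTRAOPTIONS=""\n' > "$d/rngd"        # constructed copy of /etc/sysconfig/rngd
    echo 173 > "$d/entropy_avail"                  # constructed "before rngd" reading
    src=$(pick_rng_source "$d")                    # no hwrng in the sample tree -> urandom
    echo "rngd source: $src"
    set_rngd_device "$src" "$d/rngd"
    entropy_level "$d/entropy_avail"
    rm -rf "$d"
}

demo
```

On a real host, run `pick_rng_source` with no argument, pass its result and /etc/sysconfig/rngd to `set_rngd_device` (as root), then enable and start rngd as the post shows and watch `entropy_level` move from LOW to OK.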
The kernel should have a large amount of entropy available whenever it needs random numbers. This matters for security, for example to prevent the generation of duplicate keys.
When spinning up virtual machines, it is a good idea to have rngd start early in the boot process, before the SSH host key pairs are generated during first boot.