# Apache - hangs when restarted using ssh connection.

## sschueller

Hi,

My apache hangs when I restart it from a ssh connection. If I restart apache from the console it works fine.

If I ssh to the server and run "/etc/init.d/apache2 stop", the

server shuts down gracefully as expected. Then if I run

"/etc/init.d/apache2 start", the server starts as root but does not

spawn the child processes.

My Error log gets stuck here:

[notice] Digest: generating secret for digest authentication ...

Ive searched the web but I cant find any solutions. I did find some others who have this problem with red hat and the suggestions were that maybe the environmental variables are not correct.

I have two gentoo machines one of which works perfectly. Ive been trying to compare the two apaches but they are almost identical. Can anyone guide me to where else I should look?

I also get the Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName on the machine which hangs. The other machine doesnt get this error although the apache conf files are identical. Also the hosts, resolv, dnsdonainame and hostname files are all set. Maybe this problem is related.

-Stefan

----------

## Throstur

Had the same problem just now, workaround for me:

Edit /etc/apache2/conf/apache2.conf

Comment out the following line:

```
LoadModule auth_digest_module            modules/mod_auth_digest.so
```

I'll post here if I find a more permanent solution.

----------

## gonzalo

It happened to me once. Did the same as above

----------

## sschueller

What is auth_digest_module used for?

-Stefan

----------

## Icer

Just a guess, but it looks like authorization and/or security related module.

----------

## mastabog

That happens to me always if i have the auth_digest module turned On.

What's worse is that it happens even if i reboot Gentoo, not only when I restart Apache from a ssh session. If I reboot Gentoo Apache won;t work, but as soon as I ssh into the box, Apache starts working.

Looking into the error_log I found this:

```
[Fri Apr 09 13:28:37 2004] [notice] Digest: generating secret for digest authentication ...

[Fri Apr 09 13:36:05 2004] [notice] Digest: done
```

The "done" time is exactly the time when I ssh'ed into Gentoo. The previous entry, 8 minutes before is when Apache started. Within those 8 minutes I tried a page with my browser but no answer ... it was hanged.

It seems like a seed/random generatrion conflict with the one in SSH, cus as I said, as soon as i access the ssh daemon with my ssh client, apache starts working.

I'm using Apache 2.0.49 on a Gentoo installed at Linode.com on in a UML environment.

If anyone has a real fix, please tell. I post this as a Gentoo bug if there's not already there.Last edited by mastabog on Thu Aug 11, 2005 9:11 am; edited 1 time in total

----------

## mcap

 *mastabog wrote:*   

> 
> 
> If anyone has a real fix, please tell. I post this as a Gentoo bug if there's not already there.
> 
> 

 

see http://www.linode.com/forums/archive/o_t/t_800/apache_won_t_work_untill_i_ssh_into_my_linode_gentoo.html

```
MY_BUILTINS="--with-devrandom=/dev/urandom" emerge apache
```

works for me  :Idea: 

----------

## petlab

Yo, this Works For Me. 

```
2.6.11.9-grsec #7 SMP Wed Jun 8 14:23:43 UTC 2005 x86_64 AMD Opteron(tm) Processor 246 AuthenticAMD GNU/Linux
```

Now it has zero problems.  I read that /dev/urandom is slightly less random during startup, therefore it isn't as secure.  Hey, if apache won't even start, that is a bigger problem, Doh.

I note that in apache 2.0.54-r6  the directives in 40_mod_ssl.conf didn't work, so I HAD to specify the MYBUILTINS argument.  It seems that when built without the argument, it may ignore these directives telling it which file to use:

```
SSLRandomSeed startup file:/dev/urandom 1024

SSLRandomSeed connect file:/dev/urandom 1024
```

I note also that when I # cat /dev/random  I get nothing, but when I # cat/dev/urandom I get the usual messed up terminal because it is spewing random out.  Seems my /dev/random may not work, even tho I have it put into my kern.

HTH

----------

## frilled

There are kernel options to let network traffic contribute to /dev/random. It's off by default for security reasons (to avoid that someone feeds you a random seed by sending network packets to you), but I think that would be very hard to exploit  :Wink: 

----------

