HEADS UP: blacklisting of weak ssh keys

Aggelos Economopoulos aoiko at cc.ece.ntua.gr
Fri May 16 08:48:51 PDT 2008


By now every administrator and/or ssh user should have heard about the
bug in debian's ssl library. If you've been offline for the past few days,
start here:

http://lists.debian.org/debian-security-announce/2008/msg00152.html
http://metasploit.com/users/hdm/tools/debian-openssl

While our OpenSSL library does not suffer from this bug, it possible that
some of your users have generated their keys on a buggy debian or 
debian-derivative (e.g. Ubuntu) system. This would mean their account can be 
easily compromised by a brute-force attack because of the relatively small 
number of keys that need to be tried.

Today Simon updated our openssh to have the server reject any of the 
blacklisted keys by default. This may mean that some users will no longer be 
able to log in remotely, but the alternative is to leave the machine 
vulnerable to any of the key scanners circulating on the internet. If for 
some reason you need to allow the compromised keys you can set 
PermitBlacklistedKeys to Yes in your sshd_config.

Also included in the update is the ssh-vulnkey program which you can use to 
compare the keys in your user accounts to the blacklist. Please note that the 
blacklist is not yet exhaustive; at the moment it covers only the keys 
created with the most common key generation parameters.

It is strongly recommended that you upgrade your server (by rebuilding world) 
as soon as possible and remove any weak keys from the ~/.ssh/authorized_keys 
file. After this, you will have to arrange for any affected users to install 
new, properly generated, ssh keys.

Any SSL certificates generated in the vulnerability window (2006-09-17 to now) 
on a debian system will have to be replaced as well.

Aggelos





More information about the Kernel mailing list