
  Weak SSH and SSL keys
Security Posted by Axel Beckert on Wednesday May 14, @04:52PM
from the Wheel of Fortune for SSL Keys dept.
It has been discovered that the random number generator (RNG) of Debian's OpenSSL package in the current stable release "4.0 Etch" and later (and of OpenSSL packages based on it, e.g. those from Ubuntu) generated predictable randomness (CVE-2008-0166). This means that all keys generated with OpenSSL (e.g. SSH keys, website certificates, etc.) on our managed Linux workstations and other Etch machines can be guessed with less effort than assumed. These keys need to be regenerated.

This means that if you connect to some of our Linux workstations, SSH or PuTTY will complain about a changed host key.

This also means that if your personal SSH key was generated on a Debian (or Ubuntu) system with the broken OpenSSL RNG, your key will no longer work from our workstations (or any other up-to-date Debian system) and you will be prompted for your D-PHYS password instead.

Read on to find out if your keys are weak, what other services and keys may be affected and how you can generate new keys if necessary. We will add more information to this article as it becomes available.

Not affected keys

SSH and other keys generated

  • on non-Linux machines (e.g. MacOS X, Windows, etc.),
  • before 17th of September 2006,
  • before June 2007 on our managed Linux workstations,
  • or on Debian 3.1 Sarge or earlier

are not affected by the weak RNG described above and therefore don't need to be regenerated.

How to check if a key is weak

The easiest way to see whether, and which of, the SSH keys you use to log in to D-PHYS workstations and to log in from D-PHYS workstations elsewhere are weak is to use the new ssh-vulnkey command. It will be installed on all our workstations by Thursday morning at the latest.

For more details on the issue, tools for non-Debian systems and how to check SSH host keys remotely, see Debian Security Advisory DSA-1571 and the SSL Keys page in the Debian Wiki. Some more historical information can be found in a blog posting by Nico Golde.
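The kind of check described above can be illustrated with a short Python sketch; this is an added example, not code from this article or from Debian. It assumes the blacklist format described in the ssh-vulnkey manual page (one entry per line, 20 lower-case hex characters, being the MD5 key fingerprint without its first 12 characters) and uses a single blacklist instead of the per-type, per-size files Debian ships. The sample keys and blacklist are constructed placeholders.

```python
import base64, binascii, hashlib, struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def decode_blob(key_type, b64):
    """Return the raw key blob if b64 is valid and embeds key_type, else None."""
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
    except (binascii.Error, struct.error):
        return None
    return blob if blob[4:4 + n] == key_type.encode() else None

def keys_in(text):
    """Yield (line_no, comment, blob) per key in .pub/authorized_keys text."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the type; trust a type token only if the next field decodes.
        for i, tok in enumerate(fields[:-1]):
            blob = decode_blob(tok, fields[i + 1]) if tok in KEY_TYPES else None
            if blob:
                yield no, " ".join(fields[i + 2:]), blob
                break

def load_blacklist(text):
    # Entries are 20 hex characters; lines starting with '#' are comments.
    return {l.strip() for l in text.splitlines() if l.strip() and l[0] != "#"}

def weak_keys(keys_text, blacklist):
    """Return [(line_no, comment, md5_fingerprint)] for blacklisted keys."""
    hits = []
    for no, comment, blob in keys_in(keys_text):
        fp = hashlib.md5(blob).hexdigest()
        if fp[12:] in blacklist:  # the list stores the low 80 bits only
            hits.append((no, comment, ":".join(fp[i:i + 2] for i in range(0, 32, 2))))
    return hits

def _blob(key_type, body):  # constructed placeholder blob, not a real key
    raw = struct.pack(">I", len(key_type)) + key_type.encode() + body
    return base64.b64encode(raw).decode()

WEAK, GOOD = _blob("ssh-rsa", b"constructed-1"), _blob("ssh-dss", b"constructed-2")
SAMPLE_KEYS = ('command="echo ssh-rsa x",no-pty ssh-rsa %s alice@etch\n'
               "ssh-dss %s bob@sarge\n" % (WEAK, GOOD))
SAMPLE_BLACKLIST = "# constructed\n%s\n" % hashlib.md5(base64.b64decode(WEAK)).hexdigest()[12:]

if __name__ == "__main__":
    print(weak_keys(SAMPLE_KEYS, load_blacklist(SAMPLE_BLACKLIST)))
```

On a real system, use ssh-vulnkey itself; the sketch only shows why a key can be recognised as weak from its fingerprint alone, without access to the private key.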

How to generate new SSH keys

  1. Change to the .ssh subdirectory of your home directory: cd ~/.ssh/
  2. Create a subdirectory to store backup copies of the weak keys: mkdir -v WEAK
  3. Move the weak identity files — usually all — into that directory: mv -vi id* WEAK/
  4. Generate new keys:
    ssh-keygen -t dsa
    ssh-keygen -t rsa
    ssh-keygen -t rsa1
  5. If you are using an SSH Agent to store the keys, then remove the old identities and add the new ones:
    ssh-add -D

Changed SSH Host Keys of D-PHYS Linux Workstations


Services other than SSH

Our upcoming backup service (which is currently in beta-test) is also affected. We have contacted the users personally in this regard.

© 2003 ISG, Departement Physik, ETH Zürich