David
2008-May-19 00:03 UTC
[Secure-testing-team] Bug#481853: [openssh-client] "ssh-vulnkey -a" does not see the weak keys of the user
Package: openssh-client
Version: 1:4.7p1-10
Severity: important
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

--- Please enter the report below this line. ---

I have the packages openssh-blacklist and openssh-blacklist-extra installed.

If I run "ssh-vulnkey -a" I get no output, either by running it as user or as root.

Nevertheless:

# perl dowkd.pl user
/home/username/.ssh/known_hosts:1: weak key (OpenSSH/rsa/2048)
/home/username/.ssh/known_hosts:2: weak key (OpenSSH/rsa/2048)
summary: keys found: 2, weak keys: 2

I am deleting the file /home/username/.ssh/known_hosts right now, so I am afraid it will not be available for debugging :-(

--- System information. ---
Architecture: i386
Kernel: Linux 2.6.24-1-686

Debian Release: lenny/sid
  990 unstable      www.debian-multimedia.org
  990 unstable      ftp.uk.debian.org
  500 stable        dl.google.com
  500 experimental  www.debian-multimedia.org
    1 experimental  ftp.uk.debian.org

--- Package information. ---
Depends                         (Version) | Installed
==========================================+====================
libc6                          (>= 2.7-1) | 2.7-11
libcomerr2                    (>= 1.33-3) | 1.40.8-2
libedit2          (>= 2.5.cvs.20010821-1) | 2.9.cvs.20050518-4
libkrb53                 (>= 1.6.dfsg.2) | 1.6.dfsg.3-2
libncurses5           (>= 5.6+20071006-3) | 5.6+20080503-1
libssl0.9.8                (>= 0.9.8g-9) | 0.9.8g-10
zlib1g                      (>= 1:1.1.4) | 1:1.2.3.3.dfsg-12
debconf                      (>= 1.2.0) | 1.5.22
 OR debconf-2.0                           |
adduser                       (>= 3.10) | 3.107
dpkg                         (>= 1.7.0) | 1.14.19
passwd                                    | 1:4.1.1-1
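As an added example (not part of this bug report, and not the code of ssh-vulnkey or dowkd.pl), here is a small checker that does what the reporter expected "ssh-vulnkey -a" to do: walk a known_hosts file and flag any host key whose fingerprint appears in a blacklist, reporting per line in the style of the dowkd.pl output above. The known_hosts content, the key blobs and the blacklist set are all constructed for the example; a real run would load fingerprints from the openssh-blacklist files, whose on-disk format this example does not parse.

```python
import base64
import hashlib


def key_fingerprint(blob_b64):
    """Hex MD5 fingerprint of a base64-encoded OpenSSH public-key blob."""
    return hashlib.md5(base64.b64decode(blob_b64)).hexdigest()


def parse_known_hosts(text):
    """Return (line number, host field, key type, key blob) per key line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank or comment line
        if fields[0].startswith("@"):
            fields = fields[1:]  # drop @revoked / @cert-authority marker
        if len(fields) < 3:
            continue  # malformed line: nothing to check
        # host field may be a hashed "|1|salt|hash" entry; it is opaque here
        entries.append((lineno, fields[0], fields[1], fields[2]))
    return entries


def find_weak_keys(text, blacklist, path):
    """Flag lines whose key fingerprint is blacklisted, dowkd.pl style."""
    lines, total = [], 0
    for lineno, _host, keytype, blob in parse_known_hosts(text):
        total += 1
        if key_fingerprint(blob) in blacklist:
            lines.append(f"{path}:{lineno}: weak key ({keytype})")
    return {"lines": lines, "keys_found": total, "weak_keys": len(lines)}


def _blob(keytype, payload):
    # constructed minimal blob: length-prefixed type plus a stand-in payload
    data = len(keytype).to_bytes(4, "big") + keytype.encode() + payload
    return base64.b64encode(data).decode()


WEAK_BLOB = _blob("ssh-rsa", b"constructed-weak-key")
GOOD_BLOB = _blob("ssh-rsa", b"constructed-good-key")
SAMPLE_KNOWN_HOSTS = "\n".join([
    f"host1.example ssh-rsa {WEAK_BLOB}",
    f"|1|c2FsdA==|aGFzaA== ssh-rsa {GOOD_BLOB}",  # hashed hostname entry
    "# comment line",
    f"@revoked host3.example ssh-rsa {WEAK_BLOB}",
])
BLACKLIST = {key_fingerprint(WEAK_BLOB)}  # constructed, not Debian's list
```

Calling find_weak_keys(SAMPLE_KNOWN_HOSTS, BLACKLIST, "/home/username/.ssh/known_hosts") reports lines 1 and 4 as weak and counts 3 keys in total; a flagged entry is a reason to have the remote host's key regenerated, not to delete the file.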
Dominic Hargreaves
2008-May-19 08:58 UTC
[Secure-testing-team] Bug#481853: [openssh-client] "ssh-vulnkey -a" does not see the weak keys of the user
On Mon, May 19, 2008 at 01:03:45AM +0100, David wrote:
> I have the packages openssh-blacklist and openssh-blacklist-extra installed.
>
> If I run "ssh-vulnkey -a" I get no output, either by running it as user or
> as root.
>
> Nevertheless:
>
> # perl dowkd.pl user
> /home/username/.ssh/known_hosts:1: weak key (OpenSSH/rsa/2048)
> /home/username/.ssh/known_hosts:2: weak key (OpenSSH/rsa/2048)
> summary: keys found: 2, weak keys: 2
>
> I am deleting the file /home/username/.ssh/known_hosts right now, so I am
> afraid it will not be available for debugging :-(

Deleting a known_hosts file containing weak keys will not gain you any
security (rather, it'll lose you security unless you rigorously check
all the fingerprints of the host keys that used to be stored there).
You (or the system administrator of the remote machine in question) need
to regenerate the host keys on the remote machine.

I wouldn't expect ssh-vulnkey to tell me about such keys.

Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Anthony DeRobertis
2008-May-19 14:40 UTC
[Secure-testing-team] Bug#481853: [openssh-client] "ssh-vulnkey -a" does not see the weak keys of the user
On Mon, May 19, 2008 at 09:58:20AM +0100, Dominic Hargreaves wrote:
> Deleting a known_hosts file containing weak keys will not gain you any
> security (rather, it'll lose you security unless you rigorously check
> all the fingerprints of the host keys that used to be stored there).

Correct me if I'm wrong, but there really isn't much of a security
difference between just saying "yes" to the prompt and trusting the weak
key to verify the host. Well, other than that when you say "yes", at
least you know that you're trusting w/o any verification.

I'd suggest that OpenSSH should refuse to connect to a host with a
compromised host key. Or at least put up a message no less scary than
the man-in-the-middle one.
Dominic Hargreaves
2008-May-19 14:45 UTC
[Secure-testing-team] Bug#481853: [openssh-client] "ssh-vulnkey -a" does not see the weak keys of the user
On Mon, May 19, 2008 at 10:40:18AM -0400, Anthony DeRobertis wrote:
> On Mon, May 19, 2008 at 09:58:20AM +0100, Dominic Hargreaves wrote:
> > Deleting a known_hosts file containing weak keys will not gain you any
> > security (rather, it'll lose you security unless you rigorously check
> > all the fingerprints of the host keys that used to be stored there).
>
> Correct me if I'm wrong, but there really isn't much of a security
> difference between just saying "yes" to the prompt and trusting the weak
> key to verify the host. Well, other than that when you say "yes", at
> least you know that you're trusting w/o any verification.
>
> I'd suggest that OpenSSH should refuse to connect to a host with a
> compromised host key. Or at least put up a message no less scary than
> the man-in-the-middle one.

I'm not disagreeing with any of that. But deleting the *whole* known_hosts
file is (to use an English idiom) throwing the baby out with the bathwater
-- i.e. solving the problem in a rather crude and over-the-top way.

Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)