May 14, 2008
OpenSSL Ouch
I won't repeat it here, but there's DSA-1571-1 waiting for your attention,
especially if you made some material out of openssl over the last couple of
years or so. Yes, you read it right: COUPLE.
Upgrading to the new OpenSSL is easy. Generating new keys is another story.
To save (or add to, depending on how you handle this) your pain, there is a simple checker that can currently see if your OpenSSH or OpenVPN public keys are weak enough to warrant replacement. I await a version that can handle X.509 certificates too (though I only just generated a new one today, before the announcement, so that means I have to do it again (and get its CSR to CACert for signing, etc.)
And yeah, if you're running openssh-server, consider regenerating your host RSA and DSA keys, e.g.:
# mv /etc/ssh/ssh_host_{dsa,rsa}_key* /some/place/else
# dpkg-reconfigure -plow openssh-server
That should regenerate your keys and restart openssh-server once the new keys
are installed to /etc/ssh.
The hard part (of making sure all the keys of your systems are updated and tested) is still up to you, however.
UPDATE: The Debian wiki has up-to-date information regarding other packages that generate SSH/SSL keys at postinst. Please refer to that while the key-rollover page isn't up yet.
UPDATE 2: openssh-server is updated (with corresponding
DSA-1576-1) that is linked to the updated OpenSSL library. Be sure to
upgrade! The new package also pulls in openssh-blacklist, a new package
that contains the database needed by the new ssh-vulnkey for checking SSH
public keys.
Tags: debian, linux, openssh, openssl, perl, remote, vulnerability. | Posted at: 00:32 | 13 Comments/Trackbacks.
Mikko Nurminen wrote at 2008-05-14 05:18:
Rather unfortunate unpleasantness, this whole DSA-1571-1 thing. But nice instructions, much appreciated. Saved me from having to read those pesky man-pages. :-)
Zak Elep wrote at 2008-05-14 07:45:
@anonymous: yeah that's true so I'm putting off generating new CSRs for them to sign until the dust settles. I may have do my current certificates as self-signed for now.
@Mikko: Good to know that it helped you! I think the same process also works for other packages that generate SSL keys at postinst (dovecot, courier and dropbear come to mind.)
anonymous wrote at 2008-05-14 21:47:
I still get vuln keys once openssl updgraded :s With the debian tool anybody knows?
Zak Elep wrote at 2008-05-14 22:17:
@anonymous: you probably still have weak keys somewhere (/etc/ssh/ssh_host_*_key* come to mind.) What does
ssh-vulnkeysay?
anonymous wrote at 2008-05-14 22:25:
Well i have still not installed todays updates because i have to know if it can affect the https thing ( i must redo the cert but i can`t left whithout that service the servers). So i installed the yesterdays updated openssl package and regenerated the host keys. Still getting 'weak key' from debian .pl T_T
Zak Elep wrote at 2008-05-14 22:34:
Hmm let me understand this better:
- You installed the latest
opensslpackage; are you sure it is the latest version (0.9.8c-4etch3 for etch)?- You currently have an HTTPS service active; was the SSL certificate on your HTTPS service created within the past 24 months?
- You ran the checker script as noted in the advisory (
dowkd.pl.) How did you run this script?
Anonymous wrote at 2008-05-14 22:44:
Yes, I installed the last openssl.
- openssl 0.9.8c-4etch3 Secure Socket Layer (SSL) binary and related cry. (dpkg -l openssl )
- yes
- perl dowkd.pl host localhost
output after reconfigure and recreate keys:
# localhost SSH-2.0-OpenSSH_4.3p2 Debian-9 # localhost SSH-2.0-OpenSSH_4.3p2 Debian-9 localhost: weak key localhost: weak key
Zak Elep wrote at 2008-05-14 23:15:
@anonymous: from what it looks, you still have weak keys in
/etc/ssh/ssh_host_dsa_key.puband/etc/ssh/ssh_host_rsa_key.pub. You need to regenerate those keys, and restart the sshd service as I did in my post above.
anonymous wrote at 2008-05-14 23:32:
Well, there is no way. I still get weak keys, i suppose something went wrong. I think i must update the openssh-server. One only question: The new package blacklist will affect the https transactions? (with a cert witch may be 'weak' )
Zak Elep wrote at 2008-05-14 23:37:
@anonymous: the
openssh-blacklistpackage only has a list for checking SSH keys, not SSL keys. You should upgrade youropenssh-serverand runssh-vulnkeyafterward to see if the weak keys (at the very least, those keys installed/generated by Debian packages) are removed.
Qbi's Weblog mentioned this post in "Tor und die OpenSSL-Lücke bei Debian":
[...]Über die schwere Sicherheitslücke im OpenSSL-Paket von Debian wurde in verschiedenen Quellen berichtet. Wer mehr Informationen haben will, findet im Debian-Wiki Anweisungen. Außerdem stehen bei Zak B. Elep Hinweise und HD Moore stellte auch eine nette Sei[...]
CLICK mentioned this post in "OpenSSL bug in Debian, Ubuntu and ... anything based on Debian":
[...]So who hasn't heard about the bug in OpenSSL in Debian-based distributions that renders any SSH keys created in the past two years extremely weak from a cryptographic standpoint. The problem is that instead of many millions of potential cryptographically...[...]
Leave a Comment
URL for TrackBack pings: http://blog.zakame.net/news/openssl-remote-dsa-1571/trackback
anonymous wrote at 2008-05-14 03:38: