Kitz Forum

Computer Software => Linux => Topic started by: tickmike on February 01, 2018, 02:51:28 PM

Title: ssh Keys
Post by: tickmike on February 01, 2018, 02:51:28 PM
If you have some up-to-date-ish Linux Live CDs, could you look in /etc/ssh/ to see if there are pre-installed ssh keys in there, please?

I have noticed on PCLinuxOS live CDs there are about 10 or 11 :o then they get transferred over when you do an install to the hard drive.
Just wonder why they are there.
Title: Re: ssh Keys
Post by: petef on February 01, 2018, 08:17:32 PM
Nothing there on my recently installed Arch Linux, nor on the live CD.
Title: Re: ssh Keys
Post by: tickmike on February 02, 2018, 02:53:03 PM
Interesting, I will see if I get any more replies before I decide to remove them or not.
Title: Re: ssh Keys
Post by: roseway on February 02, 2018, 04:20:22 PM
I don't know about live CDs, but Debian doesn't install any SSH keys by default.
Title: Re: ssh Keys
Post by: burakkucat on February 02, 2018, 05:26:01 PM
I can't help with your original query but make a suggestion that you move them from the directory and then see if any protocol or utility fails to operate?
Title: Re: ssh Keys
Post by: tickmike on February 02, 2018, 05:42:40 PM
@ roseway it seems odd they are on the live CD, I did not get a very good response when I suggested the developer had forgotten to remove them or was it a backdoor. :blush:

@ Mr cat yes good idea I will park them in a dead end directory and run a few tests.
Title: Re: ssh Keys
Post by: 22over7 on February 02, 2018, 07:28:13 PM
I think you might find that if/when you ssh into the machine, there will be some palaver about whether you're quite sure you really want to login there. Aren't the keys there to identify the machine?

I'm not sure when they get set up, but I'm pretty sure it shouldn't be when you install the operating system off an iso. Maybe when/if you install an ssh server, or first try to ssh in.
Title: Re: ssh Keys
Post by: petef on February 04, 2018, 02:07:37 PM
@tickmike what keys are present? Public or private? Passphrase protected? What pathnames?
Title: Re: ssh Keys
Post by: tickmike on February 06, 2018, 02:25:33 PM
Yes possibly to identify the machine.

All below have their 'Private' pair

ssh_host_rsa_key.pub
ssh_host_ed25519_key.pub
ssh_host_ecdsa_key.pub
ssh_host_dsa_key.pub
ssh_host_key.pub

Also
moduli
ssh_config
sshd_config
Title: Re: ssh Keys
Post by: petef on February 06, 2018, 07:31:05 PM
Those files are generated during installation of an ssh server. If you have installed that yourself and the dates look okay then all is fine. If the files came from the install medium you would do well to regenerate them.
Title: Re: ssh Host Keys
Post by: tickmike on February 06, 2018, 09:12:23 PM
The dates all seem to be about 2012 ???
This is an 11/2017 iso burnt Live CD!

Just looking on the Live CD and they are the same dates :o they would be as they came from the same Live CD, so all the machines I have loaded this Distro on all have the identical ssh ident files, great, no wonder I am having lots of connection problems. Thanks PCLinuxOS.

Title: Re: ssh Keys
Post by: petef on February 06, 2018, 11:35:53 PM
https://www.ssh.com/ssh/host-key
HOST KEYS SHOULD BE UNIQUE
Each host (i.e., computer) should have a unique host key. Sharing host keys is strongly not recommended, and can result in vulnerability to man-in-the-middle attacks.


@tickmike you should regenerate the keys on the hosts on which you have installed PCLinuxOS. Then submit a security bug report to them.

That is assuming you are using an official PCLinuxOS release. One characteristic of that distro is that it is easy to produce your own Live ISOs.
Title: Re: ssh Keys
Post by: tickmike on February 07, 2018, 10:57:33 AM
Thanks, I spent some time last night re-doing the keys for 3 machines and more to do, I first removed the old keys then I used 'ssh-keygen' to generate new keys, gave them the correct names and set the correct permissions.
Removed the old idents in 'known-hosts'.

I will send another 'security bug report to them' again. (See my comment in a post 5 above).
Title: Re: ssh Keys
Post by: petef on February 07, 2018, 01:37:03 PM
I will send another 'security bug report to them' again. (See my comment in a post 5 above).

It is not a backdoor and the risk of an exploit is very low. It would affect a client which logged into one of your afflicted servers. A MITM attack would first need to get onto your network and spoof the server. When ssh is properly configured the client would notice that the server had changed because of its key signature. This PCLinuxOS bug breaks that safeguard.

The bug itself is not severe but it indicates a sloppy attitude to security. I would wonder what else might be awry.
Title: Re: ssh Keys
Post by: tickmike on February 07, 2018, 02:19:35 PM
Thanks, do you work on networks?

Do you know if there is a way to re-generate the 'ssh-config' and 'sshd-config' files?

Is it worth re-generating the 'SSH moduli' file? https://entropux.net/article/openssh-moduli/
Title: Re: ssh Keys
Post by: petef on February 07, 2018, 08:46:42 PM
You should be able to use Synaptic to repair the relevant packages. If that reintroduces the key files then complain louder or find another distro.
Title: Re: ssh Keys
Post by: tickmike on February 09, 2018, 10:14:34 PM
Would you believe it, new OS updates today including 'Openssh'.
It's only just wiped out all the special ssh host keys I spent hours doing on my server and machines. :o >:D
Also added new ssh_config and sshd_config files and moduli.