Kitz Forum
Computer Software => Linux => Topic started by: tickmike on February 01, 2018, 02:51:28 PM
-
If you have some up-to-date-ish Linux Live CDs, could you look in /etc/ssh/ to see if there are pre-installed ssh keys in there please.
I have noticed on PCLinuxOS live CDs there are about 10 or 11 :o then they get transferred over when you do an install to the hard drive.
Just wonder why they are there.
-
Nothing there on my recently installed Arch Linux, nor on the live CD.
-
Interesting, I will see if I get any more replies before I decide to remove them or not.
-
I don't know about live CDs, but Debian doesn't install any SSH keys by default.
-
I can't help with your original query but make a suggestion that you move them from the directory and then see if any protocol or utility fails to operate?
-
@ roseway it seems odd they are on the live CD, I did not get a very good response when I suggested the developer had forgotten to remove them or was it a backdoor. :blush:
@ Mr cat yes good idea I will park them in a dead end directory and run a few tests.
-
I think you might find that if/when you ssh into the machine, there will be some palaver about whether you're quite sure you really want to log in there. Aren't the keys there to identify the machine?
I'm not sure when they get set up, but I'm pretty sure it shouldn't be when you install the operating system off an iso. Maybe when/if you install an ssh server, or first try to ssh in.
-
@tickmike what keys are present? Public or private? Passphrase protected? What pathnames?
-
Yes possibly to identify the machine.
All below have their 'Private' pair
ssh_host_rsa_key.pub
ssh_host_ed25519_key.pub
ssh_host_ecdsa_key.pub
ssh_host_dsa_key.pub
ssh_host_key.pub
Also
moduli
ssh_config
sshd_config
-
Those files are generated during installation of an ssh server. If you have installed that yourself and the dates look okay then all is fine. If the files came from the install medium you would do well to regenerate them.
-
The dates all seem to be about 2012 ???
This is an 11/2017 iso burnt Live CD!
Just looking on the Live CD and they are the same dates :o they would be as they came from the same Live CD, so all the machines I have loaded this Distro on all have the identical ssh ident files, great, no wonder I am having lots of connection problems. Thanks PCLinuxOS.
-
https://www.ssh.com/ssh/host-key
HOST KEYS SHOULD BE UNIQUE
Each host (i.e., computer) should have a unique host key. Sharing host keys is strongly not recommended, and can result in vulnerability to man-in-the-middle attacks.
@tickmike you should regenerate the keys on the hosts on which you have installed PCLinuxOS. Then submit a security bug report to them.
That is assuming you are using an official PCLinuxOS release. One characteristic of that distro is that it is easy to produce your own Live ISOs.
-
Thanks, I spent some time last night re-doing the keys for 3 machines and more to do, I first removed the old keys then I used 'ssh-keygen' to generate new keys, gave them the correct names and set the correct permissions.
Removed the old idents in 'known-hosts'.
I will send another 'security bug report to them' again. (See my comment in a post 5 above).
-
I will send another 'security bug report to them' again. (See my comment in a post 5 above).
It is not a backdoor and the risk of an exploit is very low. It would affect a client which logged into one of your afflicted servers. A MITM attack would first need to get onto your network and spoof the server. When ssh is properly configured the client would notice that the server had changed because of its key signature. This PCLinuxOS bug breaks that safeguard.
The bug itself is not severe but it indicates a sloppy attitude to security. I would wonder what else might be awry.
-
Thanks, do you work on networks?
Do you know if there is a way to re-generate the 'ssh-config' and 'sshd-config' files?
Is it worth re-generating the 'SSH moduli' file ? https://entropux.net/article/openssh-moduli/
-
You should be able to use Synaptic to repair the relevant packages. If that reintroduces the key files then complain louder or find another distro.
-
Would you believe it, new OS updates today including 'Openssh'.
It's only just wiped out all the special ssh host keys I spent hours doing on my server and machines. :o >:D
Also added new ssh_config and sshd_config files and moduli.