Networking

Find and fix weak OpenSSL/OpenSSH keys: Debian-based Linux vulnerability

Vincent Danen reports on a recent vulnerability that affects Debian-based systems, including Ubuntu. This vulnerability caused OpenSSL to generate weak keys for anything relying on OpenSSL, including SSL certificates, OpenSSH keys, and OpenVPN keys. Here's what you need to do to protect your system.

A recent vulnerability was found in the OpenSSL package as provided by Debian and Debian-based Linux distributions, such as Ubuntu, that broke the effectiveness of the OpenSSL PRNG (Pseudo-Random Number Generator). This vulnerability caused OpenSSL to generate weak keys for anything relying on OpenSSL, including SSL certificates, OpenSSH keys, and OpenVPN keys. Any OpenSSL-based key generated on a Debian-based system since September 2006 by the openssl, ssh-keygen, or openvpn --keygen commands is vulnerable to this issue.

Debian and Ubuntu have already issued updates that correct the flaw and provide a blacklist of keys known to be weak. Unfortunately, exploits to take advantage of this flaw exist as well. Likewise, while the affected OpenSSL packages are only on Debian and Debian-derived distributions, it could affect other operating systems as well if those keys were generated on a Debian system. For instance, if your system provides SSH access to external users, and one of them created an SSH keypair using Debian or Ubuntu, then your system, or more particularly those user accounts, should be considered compromised, whether it is running Mandriva, Fedora, or even a BSD variant.

The Debian team has provided a tool that can be used to determine whether any such weak keys exist on the system, and it can be run by anyone, regardless of whether they use Debian or not. To begin, download the dowkd.pl Perl script and use it to test the SSH keys of the host system:

$ cd ~/tmp
$ curl -O -L http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
$ curl -O -L http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
$ gpg --keyserver subkeys.pgp.net --recv-keys 02D524BE
$ gpg --verify dowkd.pl.gz.asc
$ gunzip dowkd.pl.gz
$ perl dowkd.pl host localhost

This will download the dowkd.pl Perl script and also import a Debian security team member's key from subkeys.pgp.net. If the archive verifies okay with gpg, unarchive it, and then run the script in host-checking mode against localhost.

If the script detects that the host key is weak, it will indicate such. Next, run the script against user keys on the system:

# perl dowkd.pl user

This check should be run as root in order to obtain access to every user's keys. The script will check the keys and also the authorized_keys file, and will also alert you if the recorded fingerprint of a remote host indicates a vulnerable key. If you wish to check a specific user, append the user name to the command:

# perl dowkd.pl user joe

If the script indicates that any keys are weak, they should be removed and regenerated immediately.
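As an added example (not from the article or from the Debian tool itself), here is the procedure above wrapped in a shell script that runs dowkd.pl only after gpg has reported a good signature from key 02D524BE made by a key that is fully or ultimately trusted in the local keyring; a plain "gpg --verify" exits 0 for a good signature even when the key is untrusted. The assumption that the .asc was signed directly by that key id (rather than a subkey) is mine, as is the gpg_status_ok helper.

```shell
#!/bin/sh
# Added example, not part of the article or of dowkd.pl. Key id 02D524BE is
# the one the article imports; treating it as the signing key id (not a
# subkey) is an assumption.

# Decide from gpg's machine-readable status lines whether a detached
# signature is acceptable: a good signature, made by the expected key id,
# from a key that is fully or ultimately trusted in the local web of trust.
gpg_status_ok() {
    status="$1"      # text captured from: gpg --status-fd 1 --verify ...
    keyid="$2"       # short key id the signature must come from
    printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG ' || return 1
    # VALIDSIG carries the signing key fingerprint; its last 8 hex digits
    # are the short key id.
    fpr=$(printf '%s\n' "$status" | awk '/^\[GNUPG:\] VALIDSIG /{print $3; exit}')
    case "$fpr" in *"$keyid") ;; *) return 1 ;; esac
    printf '%s\n' "$status" | grep -Eq '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)' || return 1
    return 0
}

# Download, verify and run dowkd.pl; refuses to unpack an unverified script.
# Note: changes into the work directory in the caller's shell.
check_weak_keys() {
    base="http://security.debian.org/project/extra/dowkd/dowkd.pl.gz"
    workdir="${1:-$HOME/tmp}"
    mkdir -p "$workdir" && cd "$workdir" || return 1
    curl -O -L "$base" && curl -O -L "$base.asc" || return 1
    # status lines go to stdout (fd 1); human-readable chatter is discarded
    status=$(gpg --status-fd 1 --verify dowkd.pl.gz.asc dowkd.pl.gz 2>/dev/null)
    if ! gpg_status_ok "$status" 02D524BE; then
        echo "signature check failed; not running dowkd.pl" >&2
        return 1
    fi
    gunzip -f dowkd.pl.gz || return 1
    # host keys first, then every user's keys (user mode needs root)
    perl dowkd.pl host localhost
    perl dowkd.pl user
}
```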

More information on exactly what types of keys and how to test them all is available at http://wiki.debian.org/SSLkeys.



About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

5 comments
rpr.nospam

To be able to import a key from subkeys.pgp.net I had to open outgoing TCP/IP port 11371 (OpenPGP HTTP Keyserver port) on my firewall. Also you can use "wget" instead of "curl -O -L". -- rpr.

carlo.a

Good point; but how come the key (belonging to Florian Weimer?) is *not* trusted? I'm quite sure that all Debian team members *must* have a trusted signature.

Selena Frye

Have you used the tool provided by Debian to test your system for bad keys?

vdanen

You have to add Florian to *your* web of trust. Frank is right... this is entirely on your end. He can't make his key trusted, just by virtue of being on the Debian team. Heck, you could download my gpg key and I'd like to think I'm to be trusted, but it would ultimately be your call. Perhaps a future article describing the idea behind the gpg web of trust is in order... hmmmm....

frank.schafer

AFAIK no one can make his own key be trusted by anyone. If you want the key of Florian to be trusted on your system you will have to add his key to your trusted key ring. .02$