Security vulnerability in Ubilinux?

WereCatfWereCatf New Member Posts: 201
You have included the SSH host-keys in the Ubilinux-image, instead of regenerating them at runtime during installation, meaning that everyone who installs Ubilinux 4 has the same SSH-host-keys installed in /etc/ssh/, dated September 8 at 12:04. Now, I'm not a security-expert, but I am under the impression that those keys should always be unique and generated from scratch for every installation.

Comments

  • eduncan911eduncan911 Administrator, Moderator Posts: 157 admin
    You are most likely correct (haven't verified as I am Ubuntu and ArchLinux w/Xen for testing ATM). My take on Ubilinux is that security wasn't a concern (default username/password, SSH installed by default, etc).

    The installation seems to just be a packaged snapshot of a working system. This is why the partition layout is forced automatically, SSHd is enabled by default, certain non-default LXQt settings, etc.

    The host keys are generated as part of openssh installation - which is required for SSHd - and most likely before this "snapshot" happens.

    I'd say their focus was simplicity for makers over security.

    I wouldn't say it's a major issue though - as long as you are not exposing SSH over the internet for people to connect to and trusting your device as a forwarder. In the past I've actually deployed large clusters 30+ bare metal clusters of servers across data centers using the same host keys in order to load balance ssh connections. If each server had a unique host key, the user would get the "Nasty" error message. That was like 20 years ago though...

    One advantage (small advantage) that this has is if you constantly format/re-image your UP boards with Ubilinux (as I do for testing a lot), you won't get that annoying "Nasty" error for any automated scripts (I use Chef to provision new boxes). By using the same host key, i can point to any new Ubilinux install and securely connect to perform automated setup.

    From a security perspective, using the same SSH host keys makes you prone to man-in-the-middle-attacks using SSH in where someone could theoretically trick you into
    ssh <different-ip-address-than-your-real-ip>
    
    , in where you'd log into their server instead of your own Ubilinux installation. By using the same host key, your local ssh client wouldn't know that it was talking to a different server - as the SSH host key on the server is used to uniquely identify users. Well, the IP address might be caught with newer ssh clients as being different. But that warning is not as strict as the "nasty" error you get when server host keys change.

    Unless I am missing something, your Ubilinux installation is not vulnerable - attackers wouldn't be able to gain access to your Ubilinux installation by using a known host key. In this regard of sharing the SSH Host key across, all the attacker would be able to do would be to minick your Ubilinux machine with their own - allowing you to log into their own machine. Where this becomes dangerous is if you are forwarding your SSH private key through your Ubilinux machine to act as, say, as an ssh tunnel gateway to another SSH box. Aka, ssh forwarder. If they can place their own Ubilinux machine in the middle of your gateway, and trick you into forwarding your private key to them - bam, now they have your private key for the host you were trying to connect to and would be able to gain access to other other systems you were trying to ssh tunnel to by generating their own ssh pubkey, using your private key they stole when you forwarded it as a tunnel.

    Anyhoot, those concerned can regenerate the host keys.

    I haven't tested this yet as I don't have an Ubilinux installation to test ATM. Once I do, I'll come back and edit as needed - as well as add it to the wiki.
    # Delete old ssh host keys
    sudo rm -v /etc/ssh/ssh_host_*
    
    #Reconfigure OpenSSH Server
    sudo dpkg-reconfigure openssh-server
    
    # I think Ubilinux uses systemd: need to restart sshd
    sudo systemctl restart ssh
    

    On your local box, you'll need to update your
    known_hosts
    
    file for your Ubilinux installation to avoid the "nasty" error. If you are curious, go ahead and try to ssh again now after you made the changes above - you should see the nasty error. :)

    If you do that, if you enter "yes" it will update things for you and you don't need to do anything else.

    If you, like me, like to script things, the command is:
    ssh-keygen -R <ubilinux-ip-address>
    

    Source: https://www.cyberciti.biz/faq/howto-regenerate-openssh-host-keys/

    Eric Duncan - UP Evangelist - My thoughts are of my own free will

    Answered? Please remember to mark the posted answered to highlight it for future visitors!

Sign In or Register to comment.