[Gutsy] ssh installation results in COMPROMISED keys

Bug #230174 reported by NoOp

This bug report was converted into a question: question #33172: [Gutsy] ssh installation results in COMPROMISED keys.

Affects: openssh (Ubuntu) | Status: Invalid | Importance: Undecided | Assigned to: Kees Cook | Milestone: none

Bug Description

Following today's updates http://www.ubuntu.com/usn/usn-612-2 & http://www.ubuntu.com/usn/usn-612-1 I did the
$ sudo ssh-vulnkey -a
and noticed that my rsa and dsa keys were "Compromised". So I completely uninstalled and purged all ssh packages (ssh, openssh-server etc), deleted the ~/.ssh and /etc/ssh folders. Rebooted & made sure that I had no further ssh packages on the system.

I then installed ssh. The result (shown in the attached file) is yet again compromised keys and the initial warning during install:

====
 Vulnerable host keys will be regenerated

  Some of the OpenSSH server host keys on this system were generated with
  a version of OpenSSL that had a broken random number generator. As a
  result, these host keys are from a well-known set, are subject to
  brute-force attacks, and must be regenerated.

  Users of this system should be informed of this change, as they will be
  prompted about the host key change the next time they log in. Use
  'ssh-keygen -l -f HOST_KEY_FILE' after the upgrade has changed to print
  the fingerprints of the new host keys.

  The affected host keys are:

 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key

  User keys may also be affected by this problem. The 'ssh-vulnkey'
  command may be used as a partial test for this. See
  /usr/share/doc/openssh-server/README.compromised-keys.gz for more
  details.
====

~$ sudo ssh-vulnkey -a
COMPROMISED: 2048 87:99:30:fb:a1:31:4d:33:54:35:6c:aa:80:76:0b:df /etc/ssh/ssh_host_rsa_key.pub
COMPROMISED: 1024 2c:66:57:7f:79:50:08:5a:f7:55:b6:c8:37:17:b9:4f /etc/ssh/ssh_host_dsa_key.pub

This is a clean reinstall using the standard http://archive.ubuntu.com gutsy repos.

Note: the update to my Hardy systems went well - I had to reinstall NX, but I needed to update anyway. It is only on the Gutsy system that I encounter this problem.

/etc/ssh/ssh_host_dsa_key.pub.broken and /etc/ssh/ssh_host_rsa_key.pub.broken keys can be provided upon request.

Installed the following packages:
openssh-blacklist (0.1-1ubuntu0.7.10.1)
openssh-client (1:4.6p1-5ubuntu0.4)
openssh-server (1:4.6p1-5ubuntu0.4)

Kees Cook (kees) wrote :

Is it possible you did not install the updated openssl package before installing ssh? This could cause ssh to regenerate bad keys.

Changed in openssh:
assignee: nobody → keescook
status: New → Incomplete
NoOp (glgxg) wrote : Re: [Bug 230174] Re: [Gutsy] ssh installation results in COMPROMISED keys

On 05/14/2008 09:17 AM, Kees Cook wrote:
> Is it possible you did not install the updated openssl package before
> installing ssh? This could cause ssh to regenerate bad keys.

Please see the file that was attached:
http://launchpadlibrarian.net/14507701/sshinstall.txt

Chris K. Jester-Young (cky) wrote :

What version of libssl0.9.8 do you have installed? If older than 0.9.8e-5ubuntu3.2 (such as if you have 0.9.8e-5ubuntu3) you will continue to generate bad keys. This is irrespective of what version of openssh-server you have, which only adds checks for vulnerable keys, and does not affect key generation.

NoOp (glgxg) wrote :

On 05/14/2008 06:23 PM, Chris K. Jester-Young wrote:
> What version of libssl0.9.8 do you have installed? If older than 0.9.8e-
> 5ubuntu3.2 (such as if you have 0.9.8e-5ubuntu3) you will continue to
> generate bad keys. This is irrespective of what version of openssh-
> server you have, which only adds checks for vulnerable keys, and does
> not affect key generation.
>

libssl0.9.8 is 0.9.8g-4ubuntu2

No idea why my version is the newer, other than perhaps the fact that
this machine is a Dapper ==> Edgy ==> Feisty ==> Gutsy updated/upgraded
machine and at one point I may have attempted to install a Hardy package
that brought it in.

I'll bring in 0.9.8e-5ubuntu3.1 and see if that makes a difference....

Well via Synaptic the only version is

libssl0.9.8-dbg:
  Depends: libssl0.9.8 (=0.9.8e-5ubuntu3.2) but 0.9.8g-4ubuntu3 is to be
installed

So that didn't work. Try again:
http://packages.ubuntu.com/gutsy/i386/libssl0.9.8/download
====
Not Found

The requested URL
/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_i386.deb was
not found on this server.
====

deb http://security.ubuntu.com/ubuntu gutsy-security main
added, and the result is:

$ sudo apt-get install --reinstall libssl0.9.8
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reinstallation of libssl0.9.8 is not possible, it cannot be downloaded.

Suggestions?

Chris K. Jester-Young (cky) wrote :

First, because you have a custom non-gutsy libssl0.9.8, I think this establishes the non-bugness of this report. I would suggest to the owner of this bug ticket that this be turned into a help request instead.

In response to the rest of the message: the 5ubuntu3.1 version no longer exists in the security repository. If you use the same link, but change the 3.1 to 3.2, it'll work better.

Normally I'd just suggest you apt-get install libssl0.9.8 (without --reinstall), but because you manually upgraded to a non-gutsy version of libssl0.9.8, this is unlikely to work. But yes, try downloading the package as mentioned above, and see if you can install it by hand. It may break some packages, especially the ones that brought in the non-gutsy libssl.

All the best!

NoOp (glgxg) wrote :

Per Chris K. Jester-Young's suggestion, I downloaded and manually installed:
libssl0.9.8_0.9.8e-5ubuntu3.2_i386.deb
That resolved the problem and I now show:

====
$ sudo apt-get install ssh
[sudo] password for:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  openoffice.org-writer libneon27 openoffice.org-impress libicu38
  openoffice.org-draw libhal-storage-dev openoffice.org-math libhal-dev
  libldap-2.4-2 libdb4.6 openoffice.org-calc
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  openssh-blacklist openssh-client openssh-server
Suggested packages:
  ssh-askpass libpam-ssh keychain rssh molly-guard
The following NEW packages will be installed:
  openssh-blacklist openssh-client openssh-server ssh
0 upgraded, 4 newly installed, 0 to remove and 6 not upgraded.
Need to get 0B/3080kB of archives.
After unpacking 6672kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Preconfiguring packages ...
Selecting previously deselected package openssh-client.
(Reading database ... 291500 files and directories currently installed.)
Unpacking openssh-client (from .../openssh-client_1%3a4.6p1-5ubuntu0.5_i386.deb) ...
Selecting previously deselected package openssh-blacklist.
Unpacking openssh-blacklist (from .../openssh-blacklist_0.1-1ubuntu0.7.10.1_all.deb) ...
Selecting previously deselected package openssh-server.
Unpacking openssh-server (from .../openssh-server_1%3a4.6p1-5ubuntu0.5_i386.deb) ...
Selecting previously deselected package ssh.
Unpacking ssh (from .../ssh_1%3a4.6p1-5ubuntu0.5_all.deb) ...
Setting up openssh-client (1:4.6p1-5ubuntu0.5) ...

Setting up openssh-blacklist (0.1-1ubuntu0.7.10.1) ...
Setting up openssh-server (1:4.6p1-5ubuntu0.5) ...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
 * Restarting OpenBSD Secure Shell server sshd [ OK ]

Setting up ssh (1:4.6p1-5ubuntu0.5) ...

$ sudo ssh-vulnkey -a
Not blacklisted: 2048 90:f3:b6:29:cd:57:ef:1d:2e:af:1a:26:87:ec:5b:17 /etc/ssh/ssh_host_rsa_key.pub
Not blacklisted: 1024 ca:ff:17:ee:f9:6a:d1:32:a9:85:2b:af:70:80:bd:ce /etc/ssh/ssh_host_dsa_key.pub
====

Thank you Chris!

Changed in openssh:
status: Incomplete → Invalid
web_rebe (r-weber-fast-lta) wrote :

Hi there.
Since I had the same problem and didn't find a complete solution on the net, I wanted to share my solution with other people having this problem.

The problem is:
I am running a dapper version of Ubuntu. Since some piece of software (e.g. Nagios2) requires a newer version, someone added this to the source.list (e.g. hardy).
During the installation of the software, it seems that libssl was also updated to a newer version.
Since the modified entries in the sources.list were removed immediately, or the updates repository for this version was never added, the update isn't applied to the newer version of libssl.

The solution is:
Install the newest openssh-server / openssh-client.
If the key generation does not work, see which libssl version is installed (gutsy, feisty, hardy etc.) and add the corresponding update repository to the source.list.
Running apt-get update; apt-get install libssl0.9.8 should then update to the latest update version.
Now, key generation should be fine.

I put exactly this procedure (except the SSH installation) into a bash script.
Running it solved the problem on all of my machines.
Please make sure, if running it, that it only updates libssl0.9.8. If it tells you that it has to remove some stuff you should overthink it again.
On all of my machines, it only updated libssl0.9.8 and worked fine.

Have fun
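The thread makes two points worth automating: `ssh-vulnkey` only reports keys (the newer openssh-server adds the blacklist check, it does not change key generation), and the keys stay bad until the libssl0.9.8 that actually belongs to the installed series is brought up to its patched version, which needs the matching `<series>-security` repository enabled. The script below is an added example written for this page, not a script from the bug report or from Ubuntu. It parses `ssh-vulnkey -a` output (a constructed sample using the fingerprints shown above), maps a libssl0.9.8 version to its series by the prefixes seen in the thread (only gutsy and hardy are known from the page; other series deliberately return "unknown"), and prints the sources.list line to add when the installed version is below the fix. The gutsy fixed version is the one from the thread; the hardy value is an assumption to be verified against USN-612-1 before relying on it. Version ordering uses `dpkg --compare-versions` when available and falls back to GNU `sort -V`, which orders these particular strings the same way.

```shell
#!/bin/sh
# Added example (not from the bug report): triage helpers for the USN-612
# weak-RNG host key problem discussed in this thread.

# Constructed sample of `ssh-vulnkey -a` output, mixing one bad and one good
# line from the report. On a real host pipe the live command output instead.
SAMPLE_VULNKEY='COMPROMISED: 2048 87:99:30:fb:a1:31:4d:33:54:35:6c:aa:80:76:0b:df /etc/ssh/ssh_host_rsa_key.pub
Not blacklisted: 1024 ca:ff:17:ee:f9:6a:d1:32:a9:85:2b:af:70:80:bd:ce /etc/ssh/ssh_host_dsa_key.pub'

# count_compromised: reads ssh-vulnkey output on stdin, prints the number of
# COMPROMISED lines and returns non-zero if there were any.
count_compromised() {
    n=$(grep -c '^COMPROMISED:' || true)   # grep -c prints 0 (and exits 1) when nothing matches
    echo "${n:-0}"
    [ "${n:-0}" -eq 0 ]
}

# libssl_series VERSION: series a libssl0.9.8 version belongs to, judged by its
# upstream+revision prefix. Only the prefixes seen in the thread are listed.
libssl_series() {
    case "$1" in
        0.9.8e-5ubuntu*) echo gutsy ;;
        0.9.8g-4ubuntu*) echo hardy ;;
        *) echo unknown; return 1 ;;
    esac
}

# fixed_version SERIES: minimum patched libssl0.9.8 for that series.
fixed_version() {
    case "$1" in
        gutsy) echo 0.9.8e-5ubuntu3.2 ;;   # from the thread
        hardy) echo 0.9.8g-4ubuntu3.1 ;;   # ASSUMED; verify against USN-612-1
        *) return 1 ;;
    esac
}

# version_ge A B: true if Debian version A is >= B. dpkg is authoritative;
# GNU sort -V is a fallback that agrees for the strings used here.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# libssl_advice VERSION: "ok" when the installed version is at or above the
# fix for its series; otherwise the repository line and command the last
# comment recommends. Returns 0 (ok), 1 (needs update) or 2 (unknown series).
libssl_advice() {
    series=$(libssl_series "$1") || { echo "unknown libssl0.9.8 version $1; check where it came from"; return 2; }
    if version_ge "$1" "$(fixed_version "$series")"; then
        echo "ok: $1 is at or above the $series fix"
        return 0
    fi
    echo "deb http://security.ubuntu.com/ubuntu ${series}-security main"
    echo "apt-get update && apt-get install libssl0.9.8   # then reinstall openssh-server to regenerate host keys"
    return 1
}

# Demo on the constructed data. On a real host use:
#   sudo ssh-vulnkey -a | count_compromised
#   libssl_advice "$(dpkg-query -W -f='${Version}\n' libssl0.9.8)"
printf '%s\n' "$SAMPLE_VULNKEY" | count_compromised >/dev/null || echo "sample: compromised keys present"
for v in 0.9.8e-5ubuntu3 0.9.8g-4ubuntu2 0.9.8e-5ubuntu3.2; do
    echo "== libssl0.9.8 $v"
    libssl_advice "$v" || true
done
```

The ordering of the steps matters: enabling the security repository and updating libssl0.9.8 comes first, and only then does reinstalling openssh-server (or running `ssh-keygen` by hand) produce host keys that `ssh-vulnkey` reports as "Not blacklisted". Running the check before the libssl update, as the reporter did, just regenerates keys from the same well-known set.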
