So you’re a Raspberry Pi or Cubieboard or BeagleBone hacker, and you download a Raspbian image, or a Cubian image for your Cubie, or whatever BeagleBones run, or, really, any premade *nix image. This applies to virtual appliances and prebuilt VirtualBox and VMware server images, too!
What critically important thing will you probably forget to do, that you’d never notice amiss (but the NSA will)? Change the ssh host keys.
I can’t overemphasize this. If you are using a premade Linux image of any kind, or an image of any OS that ships with ssh host keys, then everyone who downloaded the same image already has your host’s private keys, and anyone who can get between you and the box can use them to impersonate it and read or hijack your sessions without triggering any warning. You NEED to change them, right now.
This can be accomplished pretty easily on a Debian based distro. I’m taking this straight off ServerFault, if you want a peek at all the answers (including those that will work for *hrk* Red Hat descendants).
The simplest solution
This one is courtesy of Pascal Polleunus on ServerFault.
- Become root, or tack ‘sudo’ on the front of all the following commands.
- Delete old ssh host keys:
- Reconfigure OpenSSH Server:
- Update every ssh client’s ~/.ssh/known_hosts file – otherwise you’ll get the REMOTE HOST KEY HAS CHANGED freakout message – and if you see that message and don’t expect it, tread carefully – something very much like that but cleverer is how my team came in 2nd in a penetration contest in a hands-on security class at Portland State.[1]
Want a stronger RSA ssh host key than 2048 bits?
Some people prefer a 4096-bit RSA key. I don’t disagree with them; RSA is getting a bit long in the tooth. To get a 4096-bit ssh host key, you can either do the above and then, as root (ssh-keygen will ask before overwriting the RSA key the reconfigure step just created; answer y, or delete that key pair first):
ssh-keygen -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
service ssh restart
Or, follow Olipro‘s generic procedure (which should work for *ulch* Red Hat type distros) and add -b 4096 to the RSA host key generation command. Note, you can’t really increase DSA key size (ssh-keygen only makes 1024-bit DSA keys, and OpenSSH disabled the ssh-dss host key type by default in 7.0), and I don’t believe there’s any security benefit to increasing ECDSA key size (there, -b only picks the curve: 256, 384 or 521).[2]
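The three steps of the list above and the 4096-bit RSA variant, put together as an added example (my script, not the ServerFault answers’ commands or anything from this post). It assumes only that OpenSSH’s ssh-keygen is installed; the key directory is a parameter so you can rehearse on a scratch directory before running it as root against /etc/ssh, and `pi.local` is a made-up hostname.

```shell
#!/bin/sh
# Added example: regenerate an OpenSSH host key set in $1, then produce the
# fingerprints to compare against another board flashed from the same image.
# Run as root with /etc/ssh for the real thing (sudo sh -c '. ./this.sh; ...').

regen_host_keys() {
    dir="$1"
    # Step 1: delete the old, shared host keys (private and public halves).
    rm -f "$dir"/ssh_host_*_key "$dir"/ssh_host_*_key.pub
    # Step 2: make fresh ones. RSA at 4096 bits as the post suggests; the
    # ECDSA/Ed25519 sizes are fixed by the curve. No DSA: it is 1024-bit only
    # and off by default in current OpenSSH. -q keeps it quiet, -N "" means
    # no passphrase (sshd must read the key unattended).
    ssh-keygen -q -N "" -t rsa -b 4096 -f "$dir/ssh_host_rsa_key" || return 1
    ssh-keygen -q -N "" -t ecdsa -b 256 -f "$dir/ssh_host_ecdsa_key" || return 1
    ssh-keygen -q -N "" -t ed25519 -f "$dir/ssh_host_ed25519_key" || return 1
    # Private host keys must never be readable by anyone but root.
    chmod 600 "$dir"/ssh_host_*_key
    chmod 644 "$dir"/ssh_host_*_key.pub
}

# Print "SHA256:... (TYPE)" for each public host key in $1. Run this on the
# box's own console and on any other box made from the same image: a shared
# line means the key came with the image and is not yours alone.
host_key_fingerprints() {
    dir="$1"
    for pub in "$dir"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        ssh-keygen -lf "$pub" | awk '{print $2, $NF}'
    done
}

# Exit 0 if any fingerprint line in file $1 also appears in file $2.
shared_fingerprint() {
    grep -qxFf "$1" "$2"
}

# Step 3: drop the stale entry for host $1 from a client's known_hosts
# ($2, default ~/.ssh/known_hosts) so the next connect shows the plain
# "new host key" prompt with the new fingerprint instead of the CHANGED warning.
forget_host() {
    ssh-keygen -R "$1" -f "${2:-$HOME/.ssh/known_hosts}" >/dev/null 2>&1
}
```

Run `regen_host_keys /etc/ssh` as root and then `service ssh restart`; on Debian, `dpkg-reconfigure openssh-server` (or `ssh-keygen -A` in any OpenSSH) will also recreate whatever key files are missing, which is what the reconfigure step in the list relies on. On each client, `forget_host <hostname>`, and when the first reconnect shows the “new host key” prompt, check the fingerprint against `host_key_fingerprints /etc/ssh` taken from the box’s console, not over the network you are worried about.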
1. It wasn’t quite so bad as one of our team members ignoring the HUGE WARNING MESSAGE that OpenSSH gives off when a host key changes. This was 2007, so the details are hazy, but our attacker managed to gain access to our system as a sudo-blessed user with a man-in-the-middle attack. We were using an RSA host key, and he did an ssh version of the SSL stripping attack: he stepped in the middle, handed our team member a DSA host key when signing in, the team member saw the “new host key” message which is much less freaky than the key-change message, thought “that’s mildly odd” and proceeded to log in. Game over, man, game over.
2. DSA key size is specified in some standard somewhere, and as with ECDSA, I’m not sure there’s any benefit to increasing key size anyway at this point. Let me know if I’m wrong about either of those, though.