Difference between revisions of "Debian OpenSSL"

This is a compilation of my notes on this matter

Links

• http://www.debian.org/security/2008/dsa-1576
• http://www.debian.org/security/key-rollover/
• http://metasploit.com/users/hdm/tools/debian-openssl/
• http://www.milw0rm.com/exploits/5622
• http://www.yobi.be/files/blacklist.RSA-1024 32-bit Intel platform

misc

• http://www.nabble.com/blacklist.RSA-1024-missing--td17258799.html

OpenSSH

Blacklists

• Current official blacklists cover RSA-2048 and DSA-1024 keys as generated on 32-bit little-endian, 64-bit little-endian and 32-bit big-endian systems
• Version Including 4096bit RSA fingerprints: http://love.hole.fi/atte/openssh-blacklist/openssh-blacklist_0.1.2_all.deb
• debian_ssh_scan_v3.tar.bz2 now including DSA 1024, RSA 2048 and RSA 4096 bit keys. Check tool dusplays also PID so very easy to generate the corresponding key.

Check

Etch version gives you openssh-blacklist package and ssh-vulnkey in openssh-client
This Etch version has a sshd which checks all client connections against the blacklist so even if the keys are still in authorized_keys you should be safe

On Lenny/Sid, you can extract the Etch /etc/ssh/blacklist* and /usr/bin/ssh-vulnkey and use them

Ongoing...

cat mykeys |cut -c 19,20,22,23,25,26,28,29,31,32,34,35,37,38,40,41,43,44,46,47|sort|uniq

ssh-myvuln.sh |grep ":..:..:"|sed 's/\(.\).* \(..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..\) \(.*\)/\2 \1 hostname:\3/'|sort

Renew server keys

mv /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.broken
mv /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_dsa_key.pub.broken
mv /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.broken
mv /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/ssh_host_rsa_key.pub.broken
dpkg-reconfigure openssh-server
ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key

Generate vuln keys & blacklists

To generate yourself the vulnerable key set:

wget http://sugar.metasploit.com/ubunturoot.tar.bz2
wget http://metasploit.com/users/hdm/tools/debian-openssl/dokeygen.sh

Put dokeygen.sh in the root of the ubuntu filesystem Example for RSA 1024 (but RSA keys were upgraded by default to 2048 since Sept 2005)

sudo chroot ubunturoot
for ((i=1;i<32768;i++)); do 
  echo $i;
  /dokeygen.sh $i -t rsa -b 1024 -f /tmp/rsa_1024_$i; 
done

Ideally keys & blacklists must be generated on 32 & 64-bit platforms, little & big endian

Then to extract the fingerprints to make the blacklist

for ((i=1;i<32768;i++)); do 
  if [ -e rsa_1024_$i ]; then
    echo $i;
    f=$(ssh-keygen -l -f rsa_1024_$i|sed 's/1024 \([0-9a-f:]\+\) rsa.*/\1/;s/://g') 
    mv rsa_1024_$i $f-$i 
    mv rsa_1024_$i.pub $f-$i.pub 
    echo $f |sed 's/^............//'>> blacklist.RSA-1024 
  fi 
done

OpenSSL

wget https://launchpad.net/ubuntu/hardy/+source/openssl-blacklist/0.1-0ubuntu0.8.04.2/+files/openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz
tar xzf openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz
cd openssl-blacklist-0.1
Edit debian/control and cleans the dependence on openssl for Ubuntu
fakeroot debian/rules binary
cd ..
sudo dpkg -i openssl-blacklist_0.1-0ubuntu0.8.04.2_all.deb

Now you have openssl-vulnkey tool

OpenVPN

It's not about the SSL keys, those can be checked with openssl-vulnkey.
It's about the shared static keys (openvpn -genkey)

wget https://launchpad.net/ubuntu/hardy/+source/openvpn-blacklist/0.1-0ubuntu0.8.04.1/+files/openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz
tar xzf openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz
cd openvpn-blacklist-0.1
fakeroot debian/rules binary
cd ..
sudo dpkg -i openvpn-blacklist_0.1-0ubuntu0.8.04.1_all.deb

Now you have openvpn-vulnkey tool

Others

• encfs
  • My key is older, ouf!