Difference between revisions of "Debian OpenSSL"

Revision as of 13:19, 16 May 2008

This is a compilation of my notes on this matter

Links

misc

http://www.nabble.com/blacklist.RSA-1024-missing--td17258799.html

OpenSSH

Blacklists

Current official blacklists cover RSA-2048 and DSA-1024 keys as generated on 32-bit little-endian, 64-bit little-endian and 32-bit big-endian systems
Version Including 4096bit RSA fingerprints: http://love.hole.fi/atte/openssh-blacklist/openssh-blacklist_0.1.2_all.deb
debian_ssh_scan_v3.tar.bz2 now including DSA 1024, RSA 2048 and RSA 4096 bit keys. Check tool dusplays also PID so very easy to generate the corresponding key.
http://www.red-bean.com/~maxb/ contains also RSA-1024 and RSA-1023 but not all archs, to be converted:

cat $1 | sed 's/^............//' | sort > blacklist.$(echo $1|cut -c 1-8|tr a-z A-Z)

Check

Etch version gives you openssh-blacklist package and ssh-vulnkey in openssh-client
This Etch version has a sshd which checks all client connections against the blacklist so even if the keys are still in authorized_keys you should be safe

On Lenny/Sid, you can extract the Etch /etc/ssh/blacklist* and /usr/bin/ssh-vulnkey and use them

To checks all my vservers I did this [{{#file: ssh-myvuln.sh}} little script]:

#!/bin/bash


function filter () {
    sed 's/\(Not blacklisted: \)/\1                   /;
         s/\(COMPROMISED: \)/\1                       /;
         s/222$/.broken/;
	 '
}

function scan () {
    #echo $1
    ssh-vulnkey $1 | filter
}

function checkpath () {
    mypath="$1"
    echo "===== server keys at $mypath ====="
    for i in $(ls ${mypath}etc/ssh/*_key 2>/dev/null); do scan $i; done
    echo "===== discarded broken server keys at $mypath ====="
    for i in $(ls ${mypath}etc/ssh/*_key.pub.broken 2>/dev/null); do cp $i ${i%%.broken}222; scan ${i%%.broken}222; rm ${i%%.broken}222; done
    echo "===== client keys at $mypath ====="
    for i in $(ls ${mypath}root/.ssh/id* 2>/dev/null); do scan $i; done
    for i in $(ls ${mypath}home/*/.ssh/id* 2>/dev/null); do scan $i; done
    for v in $(ls ${mypath}etc/passwd 2>/dev/null); do 
        for u in $(cat $v|awk -F: '{print $6}'|sort|uniq|egrep -v "^(/root|/home/[a-z0-9]*)$"|sed 's#^/##'); do
            for i in $(ls ${v%%etc/passwd}${u}/.ssh/id* 2>/dev/null); do scan $i; done
        done
    done
    echo "===== authorized external client keys at $mypath ====="
    for i in $(ls ${mypath}root/.ssh/*_keys* 2>/dev/null); do scan $i; done
    for i in $(ls ${mypath}home/*/.ssh/*_keys* 2>/dev/null); do scan $i; done
    for i in $(ls ${mypath}var/lib/backuppc/.ssh/*_keys* 2>/dev/null); do scan $i; done
    echo "===== known external server keys at $mypath ====="
    for i in $(ls ${mypath}etc/ssh/known_hosts 2>/dev/null); do scan $i; done
    for i in $(ls ${mypath}root/.ssh/known_hosts 2>/dev/null); do scan $i; done
    for i in $(ls ${mypath}home/*/.ssh/known_hosts 2>/dev/null); do scan $i; done
    for i in $(ls ${mypath}var/lib/backuppc/.ssh/known_hosts 2>/dev/null); do scan $i; done
}

checkpath "/"
checkpath "/home/vservers/*/"

To get a resume sortable on the fingerprint:

ssh-myvuln.sh |grep ":..:..:"|sed 's/\(.\).* \(..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..\) \(.*\)/\2 \1 hostname:\3/'|sort > mykeys

To get a list to check against a blacklist:

cat mykeys |cut -c 19,20,22,23,25,26,28,29,31,32,34,35,37,38,40,41,43,44,46,47|sort|uniq > myfing
cat myfing blacklist | sort | uniq -d

Renew server keys

mv /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.broken
mv /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_dsa_key.pub.broken
mv /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.broken
mv /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/ssh_host_rsa_key.pub.broken
dpkg-reconfigure openssh-server
ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key

Generate vuln keys & blacklists

To generate yourself the vulnerable key set:

wget http://sugar.metasploit.com/ubunturoot.tar.bz2
wget http://metasploit.com/users/hdm/tools/debian-openssl/dokeygen.sh

Put dokeygen.sh in the root of the ubuntu filesystem Example for RSA 1024 (but RSA keys were upgraded by default to 2048 since Sept 2005)

sudo chroot ubunturoot
for ((i=1;i<32768;i++)); do 
  echo $i;
  /dokeygen.sh $i -t rsa -b 1024 -f /tmp/rsa_1024_$i; 
done

Ideally keys & blacklists must be generated on 32 & 64-bit platforms, little & big endian

Then to extract the fingerprints to make the blacklist

for ((i=1;i<32768;i++)); do 
  if [ -e rsa_1024_$i ]; then
    echo $i;
    f=$(ssh-keygen -l -f rsa_1024_$i|sed 's/1024 \([0-9a-f:]\+\) rsa.*/\1/;s/://g') 
    mv rsa_1024_$i $f-$i 
    mv rsa_1024_$i.pub $f-$i.pub 
    echo $f |sed 's/^............//'>> blacklist.RSA-1024 
  fi 
done

OpenSSL

wget https://launchpad.net/ubuntu/hardy/+source/openssl-blacklist/0.1-0ubuntu0.8.04.2/+files/openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz
tar xzf openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz
cd openssl-blacklist-0.1
Edit debian/control and cleans the dependence on openssl for Ubuntu
fakeroot debian/rules binary
cd ..
sudo dpkg -i openssl-blacklist_0.1-0ubuntu0.8.04.2_all.deb

Now you have openssl-vulnkey tool

OpenVPN

It's not about the SSL keys, those can be checked with openssl-vulnkey.
It's about the shared static keys (openvpn -genkey)

wget https://launchpad.net/ubuntu/hardy/+source/openvpn-blacklist/0.1-0ubuntu0.8.04.1/+files/openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz
tar xzf openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz
cd openvpn-blacklist-0.1
fakeroot debian/rules binary
cd ..
sudo dpkg -i openvpn-blacklist_0.1-0ubuntu0.8.04.1_all.deb

Now you have openvpn-vulnkey tool

Others

encfs
- My key is older, ouf!