Find and fix weak OpenSSL/OpenSSH keys: Debian-based Linux vulnerability

A recent vulnerability was found in the OpenSSL package as provided by Debian and Debian-based Linux distributions, such as Ubuntu, that broke the effectiveness of the OpenSSL PRNG (Predictable Random Number Generator).

This vulnerability caused OpenSSL to generate weak keys for anything relying on OpenSSL, including SSL certificates, OpenSSH keys, and OpenVPN keys. Any OpenSSL-based key generated on a Debian-based system since September 2006 by the openssl, ssh-keygen, or openvpn -- keygen commands are vulnerable to this issue.

Debian and Ubuntu have already issued updates that correct the flaw and provide a blacklist of keys known to be weak. Unfortunately, exploits to take advantage of this flaw exist as well. Likewise, while the affected OpenSSL packages are only on Debian and Debian-derived distributions, it could affect other operating systems as well if those keys were generated on a Debian system. For instance, if your system provides SSH access to external users, and one of them created an SSH keypair using Debian or Ubuntu, then your system, or more particularly those user accounts, should be considered compromised, whether it is running Mandriva, Fedora, or even a BSD variant.

The Debian team has provided a tool that can be used to determine if any such weak keys exist on the system, and it can be run by anyone, regardless of whether they use Debian or not. To begin, download the dowkd.pl perl script and use it to test SSH keys of the host system:

$ cd ~/tmp

$ curl -O -L http://security.debian.org/project/extra/dowkd/dowkd.pl.gz

$ curl -O -L http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc

$ gpg --keyserver subkeys.pgp.net --recv-keys 02D524BE

$ gpg --verify dowkd.pl.gz.asc

$ gunzip dowkd.pl.gz

$ perl dowkd.pl host localhost

This will download the dowkd.pl perl script and also import a Debian security team member's key from subkeys.pgp.net. If the archive verifies okay with gpg, unarchive it, and then run the script in host-checking mode against the localhost.

If the script detects that the host key is weak, it will indicate such. Next, run the script against user keys on the system:

# perl dowkd.pl user

This check should be run as root in order to obtain access to every user's keys. The script will check the keys and also the authorised_keys file and will alert you if the fingerprint to a remote host indicates a vulnerable key as well. If you wish to check a specific user, append the user name to the command:

# perl dowkd.pl user joe

If the script indicates that any keys are weak, they should be removed and regenerated immediately.

More information on exactly what types of keys and how to test them all is available at http://wiki.debian.org/SSLkeys.