Bug#481177: marked as done (openssh-server: randomise size of rsa host keys)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Mon, 4 Jan 2010 11:30:48 +0000
with message-id <20100104113048.GA11582@riva.ucam.org>
and subject line Re: Bug#481177: openssh-server: randomise size of rsa host keys
has caused the Debian Bug report #481177,
regarding openssh-server: randomise size of rsa host keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
481177: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481177
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: openssh-server: randomise size of rsa host keys
• From: Jon Dowland <jon+bts@alcopop.org>
• Date: Wed, 14 May 2008 12:25:08 +0100
• Message-id: <20080514112508.GA19157@ankh.ncl.ac.uk>

Package: openssh-server
Version: 1:4.7p1-9
Severity: wishlist
Tags: patch

Hi,

Given that rainbow tables for vulnerable keys are
predicated on the size of the key, would you consider
randomizing the length of the host RSA key, to protect
against future exploits?

Something like this:

--- debian/openssh-server.postinst~	2008-05-14 11:45:59.000000000 +0100
+++ debian/openssh-server.postinst	2008-05-14 11:48:31.000000000 +0100
@@ -172,12 +172,13 @@
 
 create_keys() {
 	hostkeys="$(host_keys_required)"
+	bits=$(expr 2048 + $(expr $RANDOM % 64))
 
 	create_key "Creating SSH1 key; this may take some time ..." \
 		"$hostkeys" /etc/ssh/ssh_host_key -t rsa1
 
 	create_key "Creating SSH2 RSA key; this may take some time ..." \
-		"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
+		"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa -b "$bits"
 	create_key "Creating SSH2 DSA key; this may take some time ..." \
 		"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
 }



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-486
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser                3.107             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.21            Debian configuration management sy
ii  dpkg                   1.14.19           package maintenance system for Deb
ii  libc6                  2.7-11            GNU C Library: Shared libraries
ii  libcomerr2             1.40.8-2          common error description library
ii  libkrb53               1.6.dfsg.3-2      MIT Kerberos runtime libraries
ii  libpam-modules         0.99.7.1-6        Pluggable Authentication Modules f
ii  libpam-runtime         0.99.7.1-6        Runtime support for the PAM librar
ii  libpam0g               0.99.7.1-6        Pluggable Authentication Modules l
ii  libselinux1            2.0.59-1          SELinux shared libraries
ii  libssl0.9.8            0.9.8g-10         SSL shared libraries
ii  libwrap0               7.6.q-15          Wietse Venema's TCP wrappers libra
ii  lsb-base               3.2-8             Linux Standard Base 3.2 init scrip
ii  openssh-blacklist      0.1.0             list of blacklisted OpenSSH RSA an
ii  openssh-client         1:4.7p1-9         secure shell client, an rlogin/rsh
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages openssh-server recommends:
ii  xauth                         1:1.0.3-1  X authentication utility

-- debconf information:
  ssh/vulnerable_host_keys:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:

-- 
Jon Dowland
ISS UNIX Team

--- End Message ---

--- Begin Message ---

• To: 481177-close@bugs.debian.org
• Subject: Re: Bug#481177: openssh-server: randomise size of rsa host keys
• From: Colin Watson <cjwatson@debian.org>
• Date: Mon, 4 Jan 2010 11:30:48 +0000
• Message-id: <20100104113048.GA11582@riva.ucam.org>
• In-reply-to: <20080514114755.GU16645@riva.ucam.org>
• References: <20080514112508.GA19157@ankh.ncl.ac.uk> <20080514114755.GU16645@riva.ucam.org>

tags 481177 wontfix
thanks

On Wed, May 14, 2008 at 12:47:55PM +0100, Colin Watson wrote:
> On Wed, May 14, 2008 at 12:25:08PM +0100, Jon Dowland wrote:
> > Given that rainbow tables for vulnerable keys are
> > predicated on the size of the key, would you consider
> > randomizing the length of the host RSA key, to protect
> > against future exploits?
> 
> The client is told how long the host RSA key is, so I'm afraid all this
> would do would be to slow an attacker down slightly (a few hours of
> computation at most) and make it infeasible to ship blacklists such as
> we have been able to do this time for at least a reasonable subset of
> the affected keys. Thus, I don't think this is a good idea. Do you
> agree, given this rebuttal?

Nobody replied to this, so I'm going to take silence as consent. :-) I
don't plan to do this unless I see a more definite advantage to doing
so.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---