Bug#481177: marked as done (openssh-server: randomise size of rsa host keys)
Your message dated Mon, 4 Jan 2010 11:30:48 +0000
with message-id <20100104113048.GA11582@riva.ucam.org>
and subject line Re: Bug#481177: openssh-server: randomise size of rsa host keys
has caused the Debian Bug report #481177,
regarding openssh-server: randomise size of rsa host keys
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
481177: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481177
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-server: randomise size of rsa host keys
- From: Jon Dowland <jon+bts@alcopop.org>
- Date: Wed, 14 May 2008 12:25:08 +0100
- Message-id: <20080514112508.GA19157@ankh.ncl.ac.uk>
Package: openssh-server
Version: 1:4.7p1-9
Severity: wishlist
Tags: patch
Hi,
Given that rainbow tables for vulnerable keys are
predicated on the size of the key, would you consider
randomizing the length of the host RSA key, to protect
against future exploits?
Something like this:
--- debian/openssh-server.postinst~ 2008-05-14 11:45:59.000000000 +0100
+++ debian/openssh-server.postinst 2008-05-14 11:48:31.000000000 +0100
@@ -172,12 +172,13 @@
create_keys() {
hostkeys="$(host_keys_required)"
+ bits=$(expr 2048 + $(expr $RANDOM % 64))
create_key "Creating SSH1 key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_key -t rsa1
create_key "Creating SSH2 RSA key; this may take some time ..." \
- "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
+ "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa -b "$bits"
create_key "Creating SSH2 DSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
}
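Review bot: the new `bits=$(expr 2048 + $(expr $RANDOM % 64))` line relies on `$RANDOM`, a bash extension; it happens to work on the reporter's machine where `/bin/sh` is bash (see the System Information below), but under a POSIX `/bin/sh` such as dash `$RANDOM` expands to nothing, `expr % 64` fails, `bits` is left empty and `create_key` is handed `-t rsa -b ""`. Take the random byte from something every sh can read (for example `od -An -N1 -tu1 /dev/urandom`) and keep a fallback such as `[ -n "$bits" ] || bits=2048`, or collapse the nested `expr` calls into one `$(( ... ))` arithmetic expansion. Note also that 64 candidate sizes (2048 to 2111) only multiplies an attacker's search by 64, and `$RANDOM` is a non-cryptographic generator, so the description should not promise more than that.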
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-486
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.107 add and remove users and groups
ii debconf [debconf-2.0] 1.5.21 Debian configuration management sy
ii dpkg 1.14.19 package maintenance system for Deb
ii libc6 2.7-11 GNU C Library: Shared libraries
ii libcomerr2 1.40.8-2 common error description library
ii libkrb53 1.6.dfsg.3-2 MIT Kerberos runtime libraries
ii libpam-modules 0.99.7.1-6 Pluggable Authentication Modules f
ii libpam-runtime 0.99.7.1-6 Runtime support for the PAM librar
ii libpam0g 0.99.7.1-6 Pluggable Authentication Modules l
ii libselinux1 2.0.59-1 SELinux shared libraries
ii libssl0.9.8 0.9.8g-10 SSL shared libraries
ii libwrap0 7.6.q-15 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-8 Linux Standard Base 3.2 init scrip
ii openssh-blacklist 0.1.0 list of blacklisted OpenSSH RSA an
ii openssh-client 1:4.7p1-9 secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages openssh-server recommends:
ii xauth 1:1.0.3-1 X authentication utility
-- debconf information:
ssh/vulnerable_host_keys:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
--
Jon Dowland
ISS UNIX Team
--- End Message ---
--- Begin Message ---
- To: 481177-close@bugs.debian.org
- Subject: Re: Bug#481177: openssh-server: randomise size of rsa host keys
- From: Colin Watson <cjwatson@debian.org>
- Date: Mon, 4 Jan 2010 11:30:48 +0000
- Message-id: <20100104113048.GA11582@riva.ucam.org>
- In-reply-to: <20080514114755.GU16645@riva.ucam.org>
- References: <20080514112508.GA19157@ankh.ncl.ac.uk> <20080514114755.GU16645@riva.ucam.org>
tags 481177 wontfix
thanks
On Wed, May 14, 2008 at 12:47:55PM +0100, Colin Watson wrote:
> On Wed, May 14, 2008 at 12:25:08PM +0100, Jon Dowland wrote:
> > Given that rainbow tables for vulnerable keys are
> > predicated on the size of the key, would you consider
> > randomizing the length of the host RSA key, to protect
> > against future exploits?
>
> The client is told how long the host RSA key is, so I'm afraid all this
> would do would be to slow an attacker down slightly (a few hours of
> computation at most) and make it infeasible to ship blacklists such as
> we have been able to do this time for at least a reasonable subset of
> the affected keys. Thus, I don't think this is a good idea. Do you
> agree, given this rebuttal?
Nobody replied to this, so I'm going to take silence as consent. :-) I
don't plan to do this unless I see a more definite advantage to doing
so.
Thanks,
--
Colin Watson [cjwatson@debian.org]
--- End Message ---
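The point Colin makes, that the client is told how long the host RSA key is, follows from the key format itself: sshd sends its public host key to every client as an ssh-rsa blob during key exchange, and the modulus inside that blob has a definite bit length that anyone who connects can read off. The following is an added example, not code from this bug report or from OpenSSH, that encodes a public key in that wire format and then parses it back to recover the modulus size. The modulus used is a constructed placeholder number of the right shape, not a real RSA key.

```python
import base64
import struct


def _mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251, section 5)."""
    if n == 0:
        return struct.pack(">I", 0)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        # A leading zero keeps the two's-complement value positive.
        raw = b"\x00" + raw
    return struct.pack(">I", len(raw)) + raw


def _string(s: bytes) -> bytes:
    """Encode a length-prefixed SSH string."""
    return struct.pack(">I", len(s)) + s


def encode_rsa_public_key(e: int, n: int) -> str:
    """Return the one-line OpenSSH form 'ssh-rsa <base64 blob>'.

    The blob is the same byte sequence sshd presents as its host key.
    """
    blob = _string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii")


def _read_string(buf: bytes, off: int):
    """Read one length-prefixed SSH string starting at offset off."""
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + length > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off:off + length], off + length


def rsa_modulus_bits(pubkey_line: str) -> int:
    """Parse an 'ssh-rsa ...' line and return the modulus length in bits.

    A client sees exactly this value for every server it talks to,
    so randomising the size at generation time hides nothing from it.
    """
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa key line")
    blob = base64.b64decode(fields[1])
    keytype, off = _read_string(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    _e_bytes, off = _read_string(blob, off)   # public exponent, unused here
    n_bytes, off = _read_string(blob, off)    # modulus
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return int.from_bytes(n_bytes, "big").bit_length()


# Constructed sample: NOT a real RSA modulus, only a 2069-bit odd number
# standing in for a host key that was generated with "-b 2069".
SAMPLE_E = 65537
SAMPLE_N = (1 << 2068) | 0x1234567
SAMPLE_KEY = encode_rsa_public_key(SAMPLE_E, SAMPLE_N)

if __name__ == "__main__":
    print(SAMPLE_KEY[:40] + "...")
    print("modulus bits:", rsa_modulus_bits(SAMPLE_KEY))
```

On a real system the same number is what `ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub` prints as the first field, and any client that completes a key exchange with the server can compute it from the host key it receives; this is why a non-standard size would at best cost an attacker a small constant factor while breaking the fixed-size blacklists that a package can ship.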