[Full-disclosure] Identify weak Debian OpenSSL clients in SSH DH key exchange

Hi,

Everybody keeps talking about changing your keys and updating OpenSSL,
but this is not the only issue with the Debian/OpenSSL debacle. Consider
that someone has sniffed your SSH traffic (say at a securit conference?).
If either a compromised server or client were involved, you have got
a problem as the Diffie-Hellmann key exchange at the start of the
SSH session can now be broken. This means that all the data (passwords,
SSH tunnel anyone?) can now be considered compromised if you are
reasonably paranoid.

I've written a script that helps you to identify these weak Diffie-Hellmann
key exchanges in an SSH session and released it at EuSecWest 2008.
The script reads in a PCAP file, looks at the group parameters sent by
the server and at the g^x sent by the client and tries to solve the
discrete logarithm by doing test-exponentiations with the 2^16 x's that
are/were available on a vulnerable Debian system.

As for vulnerable servers, the 2^16 are not enough as they keep on
running and generate new pseudo-random numbers (generated from the one
predictable seed, though). A version that is still to come will use
a database of precomputed exponentiations to check the files thus being
a lot faster. This would allow us to compute the exponentiations for say
the first few thousand iterations for each PID, too (I wonder which
value would be enough here?) ...

I guess it would be useful if the script could decrypt the SSH session
if it has found a hit and save it in a new PCAP file, but unfortunately
the crazy german laws do not allow me to write/publish something like
this. If you live in a country with better laws and can write/publish a
patch, that would be good ...

You can find the script at
http://www.cynops.de/download/check_weak_dh_ssh.pl.bz2

Cheers,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer | a.klink@xxxxxxxxx
mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.cynops.de
----------------------------+----------------------+---------------------
HRB 7833, Amtsgericht | USt-Id: DE 213094986 | Geschäftsführer:
Bad Homburg v. d. Höhe | | Martin Bartosch

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • Re: ssh session via crontab - problems!
    ... >> beautifully when run from the terminal, but it won't work from cron. ... After running the cron job with -vvv switch and checking the ... down the ssh session. ... I can see in the log on the server that everytime the script runs, ...
    (comp.os.linux.misc)
  • Automatically detach screen after given amount of time ? / Authpf in background ?
    ... A couple days ago I set up authpf on my FreeBSD gateway for authentication of my wifi network. ... the only thing that is/was bothering me was that I had to keep open a terminal on my laptop for the ssh session. ... The thing is I want to see the confirmation authpf gives when starting the ssh transfer. ... So I came up with this script: ...
    (freebsd-questions)
  • Re: restart network without shutdown
    ... Screen will allow the script to complete, whereas your ssh session is killing it half/part way through... ... Processes which start from within screen don't get killed, because, screen, the parent process, is still running. ...
    (freebsd-questions)
  • Terminal clock (script)
    ... A script that ... It's also useful in ssh session on my server, ... just hangs, while new are established and ping is working. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)