Compromised host keys

From: Jim Cheetham (jim.cheetham_at_ecosm.com)
Date: 11/04/03

    To: secureshell@securityfocus.com
    Date: Wed, 05 Nov 2003 08:46:22 +1300
    
    

    I have a set of machines at a hosting provider (I won't name them at
    this stage), and have just noticed that the host keys on all my machines
    are identical (actually, the whole ssh config directory is identical).

    I am presuming that this is a 'feature' of their build environment, and
    I have to assume that other customers of theirs with the same
    OS/version, also have the same keys.

    With a copy of the host key I guess it's possible for an attacker to
    masquerade as my server, and run a man-in-the-middle attack. Presumably
    they'd also need to compromise DNS (if I'm reaching my server by name)
    or routers on the path (to divert the IP stream).

    What other attacks could be made by someone who has a copy of my server
    host keys?

    -jim

