Re: Host keys after cloning

From: Marius Huse Jacobsen (mahuja_at_c2i.net)
Date: 08/31/04


Date: Tue, 31 Aug 2004 11:50:37 +0200
To: Ugo Bellavance <secureshell@securityfocus.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Ugo,

Thursday, August 26, 2004, 8:56:26 PM, you wrote:

UB> I just cloned a server to save install time, but now I realize that
UB> the ssh host key is the same for every server. That makes sense since I
UB> cloned them, but I was wondering if that was insecure, and how to
UB> regenerate them.

There was a minor discussion on this a while ago. I don't remember how
much of it was private and how much public, but the summary is:

If somebody gets the key from one, they have the key for all. We
concluded that the only real use for the host key was to enable
undetectable MITM attacks. This would be against all of the boxes, not
just the one they got it from. It would also make bruteforce
decryption easier, but still not so easy it would make much of a difference.

(There's the host key and a 'key of the hour' which both will have to
be cracked to decrypt the content of a sniffed connection.)

That said, there's no particular reason to use the same key. Even the
slighter weakness to MITM attacks is a reason not to.

- - --
Best regards,
 Marius mailto:mahuja@c2i.net
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)

iD8DBQFBNEcCl9nYJJam7WsRAvZcAJ9mAkOi7X0SDDQvCZLmljvp1Fr1KgCg4vyc
iTHu4/rQpx21WcYNidE9JyQ=
=+FXB
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)

iD8DBQFBNEntl9nYJJam7WsRAlzrAJ4sEK0SnSJKwBrJTxH67xwMLzSdmgCeNupJ
M2fWzgwLLQAVtio8uyM8wBc=
=dD05
-----END PGP SIGNATURE-----