2

Customer has vendor who generates a Scan for PCI compliance on their Debian 8 server.

Taken from their report:

DSA keys and RSA keys shorter than 2048 bits are considered vulnerable. It is recommended to install a RSA public key length of at least 2048 bits or greater, or to switch to ECDSA or EdDSA.

Most of my search returns how to deal with ssh as a client. Of the few that obliquely touch on hardening this server suggest that I look to alter the /etc/ssh/ssh_config.

Even though it is said to be out of date, I ran ssh-audit from my local and it provided some suggestions to remove some of the keys, mac and hex. Seeing the vendor's report I commented out

#HostKey /etc/ssh/ssh_host_ecdsa_key

and restarted the ssh.service and re-ran the ssh-audit from local, which didn't seem to change its list of recommendations suggesting that I've not done something right.

I suspect I'm not doing the right thing to resolve this for my customer. What should I be doing instead?

This is a follow-on to showing PCI vendor that Debian 8 has been successfully patched.

sam452
  • 219
  • 6
  • 14

1 Answers1

2

On Debian jessie (currently oldstable and in LTS; you should have LTS enabled and be upgrading within the next few months) ssh RSA keys are currently generated with 2048 bits. But if the system was upgraded to jessie, it might have had old keys generated with 1024 bits.

You can use a command like the following to check the status of the host RSA key:

error@vmtest-debian8:~$ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 1a:bc:78:5e:2f:37:dd:75:c2:70:e8:18:41:35:b9:2e /etc/ssh/ssh_host_rsa_key.pub (RSA)

If the key is less than 2048 bit, you need to generate a new ssh host key.

error@vmtest-debian8:~$ sudo ssh-keygen -N '' -b 2048 -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
/etc/ssh/ssh_host_rsa_key already exists.
Overwrite (y/n)? y
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
47:60:91:14:b1:15:6e:6d:ea:e9:36:37:31:08:d3:69 root@vmtest-debian8
The key's randomart image is:
+---[RSA 2048]----+
|       .B=o.     |
|       ..= .     |
|        ..+.o    |
|        ooEo     |
|        S+o.     |
|         o..o    |
|          o  o   |
|         .o o    |
|         ..o .   |
+-----------------+

And of course restart OpenSSH.

error@vmtest-debian8:~$ sudo systemctl restart sshd

Note that the next time anyone connects to the server, they might get a nastygram like this and be unable to connect:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

Affected users will need to edit their known hosts appropriately.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • Thank you, so this is via OpenSSL? This system started with Jessie and returns 2048. No clue why PCI vendor believes it's too small. – sam452 Mar 04 '19 at 17:22
  • @sam452 No, it's OpenSSH. I only used the `openssl` command line tool to show the properties of the RSA key. It's not actually necessary to use that tool. – Michael Hampton Mar 04 '19 at 17:24
  • @sam452 Does your host have a DSA key? I delete these when machines are provisioned if they exist, and where possible prevent them from being recreated. – Michael Hampton Mar 04 '19 at 17:29