Hetzner - DokuWiki

Ed25519/en

Inhaltsverzeichnis

Security Notice for Ed25519 SSH host keys

An SSH server uses host keys to uniquely identify itself to connecting clients. These keys are normally automatically regenerated each time a new installation is done via the Robot or the installimage.

Due to an error in the installation software introduced on April 10th, 2015, the Ed25519 SSH host keys (/etc/ssh/ssh_host_ed25519_key) on our standard images were no longer automatically regenerated.

This resulted in identical Ed25519 SSH host keys for each affected OS image.

An attacker may use this to compromise or eavesdrop on the communication between the client and the server using a man-in-the-middle attack.

However, due to the security of our network setup, such an attack within our network is highly unlikely as each server can only directly communicate with the corresponding router.

Nevertheless we would like to urge you to replace the Ed25519 SSH host key of your server as soon as possible. The other host keys (RSA, DSA, ECDSA) are not affected and are unique.

Affected images/Fingerprints

  • CentOS-71-64-minimal
SHA256:QTye4yVCd1Ph0+d0zWVW2g4Sw37nv3MXcxBYjIw+NL0
MD5:ad:95:9c:0a:09:14:be:23:90:c2:10:2e:83:f9:7c:93
  • CentOS-72-64-minimal
SHA256:R1ZEXqTwn4j1WyZ61veNZi0Xcton4RvtZcd6peW9QZk
MD5:71:65:6f:e0:59:65:cb:ce:29:91:f7:39:20:b1:9c:c4
  • Debian-80-jessie-64-LAMP
  • Debian-80-jessie-64-minimal
  • Debian-81-jessie-64-LAMP
  • Debian-81-jessie-64-minimal
  • Debian-82-jessie-64-LAMP
  • Debian-82-jessie-64-minimal
SHA256:FhhBSaUV8T2ZqRRtSqXsmBj2ByTQt6MVuoCDtBQFmwg
MD5:7f:0e:75:35:5b:fe:bd:a6:df:97:7b:fd:0f:b7:65:7b
  • openSUSE-132-64-minimal
SHA256:vMTjcKunUVC+59v+rVFU2OjSNVs4xvjRWqtv8Z/Uf94    
MD5:49:45:60:8e:1b:f9:30:ec:52:f1:d3:ac:33:72:20:84
  • openSUSE-421-64-minimal
SHA256:MEXCW9SmGGupaZT6hZP49SiUB2uWoDBwdMxJjA8xtYs
MD5:c5:c0:2c:a1:0c:b2:89:26:8f:de:5c:9c:90:11:fd:e3
  • Ubuntu-1404-trusty-64-minimal
SHA256:ZMcIFjuNGgLw09tQVUe/DoJH7yd8oDUdkPCmUH0/gEU
MD5:11:ff:de:e3:46:2c:d2:42:21:dc:f6:49:e3:9c:91:59
  • Ubuntu-1410-utopic-64-minimal
SHA256:rMhwQfZKgpi64Oq+b/bLbftNBdQw/fxexK0liY22P2E  
MD5:4b:0b:84:d3:6f:de:fb:a4:85:d0:78:2e:85:e6:75:bb
  • Ubuntu-1504-vivid-64-minimal
SHA256:cgIM1t/Hn1XGD7Uf2a3dvU8kEF0JoIntdO/N2qgsri0  
MD5:22:e5:73:08:a7:4f:e4:e6:8c:5e:aa:d1:10:35:f7:59
  • Ubuntu-1510-wily-64-minimal
SHA256:CI6pAvXx4nyZFTE/21aOQD4xRwn+ePXa82rlWzL0rps
MD5:f8:68:b0:c6:e0:ef:22:1d:dd:1b:1f:5d:50:bd:92:c5

Displaying the current fingerprint

The current fingerprint can be displayed via "ssh-keygen":

ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub

Depending on the OpenSSH version installed, the output is in either MD5 or SHA256 format. Newer versions of SSH can be forced to output in MD5 format using an additional parameter:

ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub -E md5

Exchange / generation of Ed25519 SSH host keys

To replace the affected key, simply use "ssh-keygen" to create a new key and overwrite the existing one.

 # ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
 Generating public/private ed25519 key pair.
 /etc/ssh/ssh_host_ed25519_key already exists.
 Overwrite (y/n)? y
 Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
 Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
 The key fingerprint is:
 d5:1d:28:01:f7:c5:0f:fb:7b:43:07:08:1f:93:1c:c6 root@host
 The key's randomart image is:
 +--[ED25519 256]--+
 |        ..o+o=o  |
 |         .o+Eoo. |
 |          .+o+.+ |
 |         .  o o .|
 |        S      o |
 |               .o|
 |              . o|
 |               o.|
 |                o|
 +-----------------+

In unaffected images or operating systems which have SSH that still does not support Ed25519 keys, an error message is displayed:

# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
unknown key type ed25519

Afterwards, the SSH daemon must be restarted, or the server rebooted to apply the new key. Please note that now when re-connecting to the server, a warning may appear.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
MD5: d5:1d:28:01:f7:c5:0f:fb:7b:43:07:08:1f:93:1c:c6
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /home/user/.ssh/known_hosts:1
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle  attacks.
Permission denied (publickey,password).

If the fingerprint displayed conforms to the previously generated new key, the relevant line can be deleted from the "known_hosts" file.

Further Information

More general information on SSH can be found under:



© 2016. Hetzner Online GmbH. Alle Rechte vorbehalten.