OpenSSL & OpenSSH Vulnerabilities : Confirm & Fix Instructions

By | 2008/05/13

I’m sure many of you have heard by this point that there is a reported vulnerability in openSSL and openSSH.  The basis of this is that they keys that are generated when you use these tools (ie; installing openssh-server, etc) are generated in a weak manner and can be prone to simple brute force attacking.

If you’ve never installed openssh-server, used openssh-clients or generated an X.509 certificate you should be safe.  If you have done any of the above keep reading for a validation and fix instructions.  It can’t hurt to run the validation script in either case, just to be safe.

Security patches have been deployed to the Ubuntu archives so the first step is to, of course, apply any security patches available.

Am I Affected?

The first item at hand is verifying whether or not you have been affected by the vulnerability.  As mentioned above there are some common tasks that would qualify, but lets test your machine to make sure.

Download the script linked below and run it using the example syntax below: (Download this file and unzip) PGP signature (Optionally verify the signature of the script)

Cut-n-Paste command-line example of downloading and running the test:

wget -c
chmod u+x
./ user
./ host <hostname>

If you see output similar to:

/home/username/.ssh/ weak key

…then you have been affected by the vulnerability.  If you do not see “weak key” reported then you are OK.

How Do I Fix My Machine?

To update your machine and patch the vulnerability the first thing you want to do is check for and apply any system updates available.  The main Ubuntu archives have been updated with the fixes.  If you are using an alternate mirror the fix may not have propagated yet, so you may not see it available for another few hours.

Apply any updates:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

You should see an update for openssl and openssh packages (along with anything else available).

After these new packages have been applied you’ll want to regenerate any keys that you’ve generated (ie; openssh keys, CA cert, etc).

UPDATE: The latest package release will automagically re-create any server-side ssh keys for you and notify you of the reason. Also, there is a new utility built into the latest release that will check keys for you. After your updates are applied try the tool:


To generate a new openssh key for your user: (This only required if ‘./ user‘ reports weak)

ssh-keygen -t dsa -b 1024

To generate a new openssh key for your server: (This only required if ./ host <hostname> reports weak)

sudo rm /etc/ssh/ssh_host_{dsa,rsa}_key*
sudo dpkg-reconfigure -plow openssh-server

You should now run the validation script again and make sure it does not report any errors.  If you still see reported warnings such as:

/home/username/.ssh/authorized_hosts:1: weak key

…this means that you have authorized_host keys saved that are still affected.  Open the .ssh/authorized_hosts file with a text editor and delete the affected line (:1: means line 1, etc).

Continue to run the ./ script until no weaknesses are reported.

These steps should be run on any system that you manage to ensure they are sufficiently patched.

16 thoughts on “OpenSSL & OpenSSH Vulnerabilities : Confirm & Fix Instructions

  1. Antonino Sabetta

    Sorry, I got it now. By user you mean the literal string “user”, it’s not supposed to be changed with my actual username.

  2. Dave G

    Thanks for the quick run-down!

    Possibly a silly note, but I had to do:

    sudo apt-get dist-upgrade

    to get the new packages. Openssh-server and client were kept back otherwise. Dunno if this is because I was doing this WITHIN an ssh session but thought I’d drop it.

  3. Luciano

    I would like to make you a little but important correction.

    > If you do not see “weak key”
    > reported then you are OK.’

    That’s not totally true. is really susceptible to have false positives.

  4. lefty.crupps

    I don’t get it; which file do we substitute for ‘host’ above? What is ‘host’ and ‘hostname’ relation? Which file do we enter in place of ‘user’?

    i ran
    ./ lefty
    and it failed; so did both
    ./ ./.ssh/authorized_keys2
    ./ ./.ssh/known_hosts

    What am I missing??

  5. Manfred

    When I tried your script I got the following message:

    ./ user
    /home/jonny/.ssh/authorized_keys:1: warning: unparsable line

    Is that indicating a problem?

  6. Nick M

    Wow, thanks! I think I just found my new favorite Ubuntu site! 🙂

  7. Thomas

    Oh the irony, a fix for a security vulnerability that downloads a script using HTTP and then runs it…

    Download the signature too, then verify it!

    wget http://security…./

    You’ll probably get a ‘key not found’ error. Import the key (it’ll tell you the RSA key ID):

    gpg –recv-keys 02D524BE

    Now when you run it again. It should tell you that the signature matches, but that the key is untrusted.

    Now the real fun begins 🙂

    You need to verify the key signature, then you need to decide if you actually trust this “Florian Weimer” guy, and _THEN_ you can run the script!
    (I can tell you, but that’d be pointless ‘cos then you’d have to decide whether or not you trust me 🙂

    Security is NOT easy, but failing to do the above means that you’re on par with the guy who runs “WindowsSecurityPatch.exe” attachments he gets in the mail.

  8. Rafael

    I have followed all the instructions but I have two problems:

    1)I don’t have the tool: ssh-vulnkey

    2)When I run ./ host , I get the following error:
    server: 2048 bits DSA key not recommended

    ¿any idea?

    Thnks in advance

  9. Gecko

    Thank you so much for your help on this. As a relative newbie, I wasn’t too sure what the heck I was supposed to do other than update in the face of this issue. Thanks again.

  10. Christer Edwards Post author

    @Rafael – you should be seeing a new openssh upgrade soon that will include an openssh blacklist and the new vulnkey tool. This was not included in the first batch of patches. My guess is your mirror isn’t up to date just yet.

    Also, (see: man ssh-keygen), “DSA keys must be exactly 1024 bits as specified by FIPS 186-2.”, which is why you get that output.

  11. Projektd

    Thanks! I needed this. Worked Great.

  12. Iñaki Silanes

    Luciano says:

    I would like to make you a little but important correction.

    > If you do not see “weak key”
    > reported then you are OK.’

    That’s not totally true. is really susceptible to have false positives.”

    Well, either the message is not correctly phrased, or it is wrong. If is susceptible to have false positives, it means that it will sometimes have a positive (it will DO say “weak key”), while the key not being really weak (hence, a “false” positive).

    What Florian seems to imply is that has false NEGATIVES: it sometimes says nothing (implying all keys are correct), but this is false (some might be weak).

    A positive test is one in which the testing device “ticks”, and a negative one one in which the testing device remaints “silent” (regardless of what ticking or remaining silent imply).

Comments are closed.