How to fix your hackable SSH on Debian and Ubuntu Servers

If you’re running debian or ubuntu, your ssh keys are vulnerable. Follow these steps to regenerate them and secure your box back up.

apt-get update  
apt-get upgrade  
cd /etc/ssh/  
rm ssh_host_dsa_key  
rm ssh_host_dsa_key.pub  
rm ssh_host_rsa_key  
rm ssh_host_rsa_key.pub  
ssh-keygen -t dsa (filename as /etc/ssh/ssh_host_dsa_key)  
ssh-keygen -t rsa (filename as /etc/ssh/ssh_host_rsa_key)  
/etc/init.d/ssh restart

Comments

Comment by Christopher DeMarco on 2008-05-15 15:11:28 -0500

This only fixes connections from this host to others. Inbound connections are still problematic!

You need to edit your /etc/ssh/sshd_config file, and set these options:

RSAAuthentication no
PubkeyAuthenticatio no

Then remove the .ssh/authorized_keys and authorized_keys2 files in EVERY USER’s HOME DIRECTORY. (cut -d: -f6 < /etc/passwd) .

After that, you can flip those sshd_config options back on.

NOW you’re safe!

Comments#

Comment by Christopher DeMarco on 2008-05-15 15:11:28 -0500#

Comments

Comment by Christopher DeMarco on 2008-05-15 15:11:28 -0500