Am 16.04.2014 um 10:23 schrieb Oliver Tappe <zooey@xxxxxxxxxxxxxxx>: > I find it pretty difficult to judge the exact effects of heartbleed, so I've > decided this is a good time to follow your advice (you were the one pointing > out the weakness of our ssh host keys in the first place) and rotate the keys. Ah. OpenSSH is completely unaffected by Heartbleed as Heartbleed is only affecting the TLS protocol. OpenSSH only links against OpenSSL's libcrypto, but not against libssl :). But yes, changing the weak RSA key was a necessity anyway. > It certainly is, once we are using openssh-6.5. As of now, we're running > openssh-6.2, which doesn't support Ed25519 keys. Are there no updated packages available yet? OpenSSH 6.5 also introduces Curve25519 for the key exchange, whereas older versions prefer using the backdoor'd NIST curves. > Well, the old RSA key might not, but the ECDSA key should be, which seems to > be preferred by ssh. I have no idea why your ssh client seems to ignore the > ecdsa key, maybe it doesn't support that key type? Ah, there's the problem. I actually disabled ECDSA in my SSH config, since most cryptographers are very sure the NIST curves, which are used by OpenSSH for ECDSA, are backdoor'd. Hence me asking for Ed25519 certs / Curve25519 key exchange. And ChaCha20-Poly1305 would also be nice, as it prevents the timing attacks of AES-CBC, though I don't know how I feel about the fact that all crypto primitives used then are invented by the same person. 6.5 also offers AES-GCM besides ChaCha20-Poly1305, so that there is another authenticated cypher :). > Sure, if you were just using RSA keys. However, the server did provide a DSA > and an ECDSA key, too. Yeah, that's the problem. I disabled both ECDSA and DSA - ECDSA due to the alleged backdoor and DSA because it depends too heavy on randomness - and good randomness if scarce if a VM rebooted. Ed25519 doesn't have that problem, though :). >> What about the approach to have /etc/ssh/ssh_host_rsa_key_new.pub, which is >> not used for now, and then just use this as the new key at the end of the >> month? > > What's the difference to what has happened for you now? That would mean that > everyone has to switch now without a chance to fetch the new key first. I think you misunderstood: The new key will be at a path that is not used by SSH for now. Everybody can get that key and add it to the keyring. After the end of the month, the SSH config is changed to use the new key. Since it's already too late now, the best I can think of is start a new VM that has the old key and on login shows you the fingerprint of the new key. > All I can offer you is to point out that the same fingerprints are being > shown on https://server-stats.haiku-os.org and that I'm happy to confirm them > via IRC. Yes, I'll come back to that :). -- Jonathan