
Non-Unique SSH Host Keys Ed25519 on Hetzner - jonaslejon
http://wiki.hetzner.de/index.php/Ed25519/en
======
ymse
This is probably pretty common. When I first deployed virtualization at a
previous job ~5 years ago, it took almost two years before I realized all
images used the same host keys.

Can someone versed in cryptography comment on whether this allows _passive_
eavesdropping? Active MITM sure, but I thought session keys would be unique.

~~~
brians
You are right: it allows active impersonation, but not passive eavesdropping.

~~~
pflanze
> impersonation

"Impersonification" of the server, you mean (inservication if that's a word).
It would allow an attacker to operate a machine under their control that poses
as mine.

But then, for password-based logins, that will actually be enough to
impersonate the user as well (the attacker will create an ssh connection to
the real server with the given password). But I wonder how things work with
key-based logins.

I've ordered a server from Hetzner recently, I guess I'll just ditch it (and
perhaps order a new one). BTW I haven't gotten any email notification from
Hetzner about this yet.

~~~
corford
No need to junk your server, just regenerate the affected key. Instructions
are on their wiki here:
[http://wiki.hetzner.de/index.php/Ed25519](http://wiki.hetzner.de/index.php/Ed25519)

~~~
pflanze
My point was that the issue didn't just allow a MITM to capture traffic, but
also take over the machine(?). So cancelling the server and installing a new
one will be the safer bet (I'm considering moving to a different company at
the same time, as the IP _block_ my old server is in seems to be the reason I
can't deliver mail to Google, Hotmail and Yahoo (my own IP is all green in
blacklists, but my neighbours' IPs aren't)). YMMV.

~~~
corford
I suppose it depends on your paranoia level and whether or not you were using
key-based auth or passwords. If you were using key-based auth then simply
regenerating the host key should be enough.

Re: mail issues. We had the same problem (our IP was green but the block it
was in was tainted). We solved the delivery issues by going through the
various processes on:
[https://mail.live.com/mail/postmaster.aspx](https://mail.live.com/mail/postmaster.aspx)
[http://postmaster.google.com](http://postmaster.google.com) and
[https://postmaster.aol.com/](https://postmaster.aol.com/) [ in addition to
following all the usual best practices - SPF, DMARC etc. ]

~~~
pflanze
Thanks for the info about your mail. I'm using SPF and DKIM too, I don't see
how DMARC would help deliverability so I haven't tried that yet. I've verified
my domains (including the reverse name(s) of my server's IPs) with
postmaster.google.com to no avail (and I'm not sending enough mail to get the
actual tools enabled). Interesting that you think you could solve it that way,
perhaps you're sending more mail, or perhaps M$/Google/AOL are interchanging
info and it only helps when going through all of their tools, or perhaps
you've sent enough mail that what actually helped was people marking mail as
ham, or perhaps you're in a block that's tainted less. My strategy remains to
try another IP block. I might also try disabling IPv6 (although IIRC it
delivers to Google over IPv4?).

------
jjuhl
At least they are aware of the issue and warning their customers.

A lot of companies would just fix the issue (or not even that) and try to
silently sweep it under the rug.

~~~
kuschku
Their business is being a trustworthy, high quality service.

Sweeping it under the rug would destroy their business. (Not that competitors
wouldn’t have done it anyway)

~~~
chx
> Their business is being a trustworthy, high quality service.

Really. Here I thought their business is renting out servers made from desktop
parts for insanely low amounts of money. I have no problems with this
strategy, I enjoy my 42EUR a month 2x3TB HDD + 2x120GB SSD, 16GB i7 2600
server, thanks much. It runs hobby sites and such. I know what I bought and
what I can expect.

~~~
5ersi
They also offer reasonably priced server-class dedicated servers with Xeon
processors, ECC memory and datacenter-series SSDs.

~~~
merb
"reasonably priced". You never needed a private network with 3 nodes.

~~~
corford
€12,61/month extra per server and a one off ~€25 for the switch is hardly
extortionate given what they charge for servers...

~~~
merb
No. You've forgotten something. You need to pay at least the flexi pack for
every server, too. So your math is Switch + 12.95/month (per server) +
15/month (per server) and now you outpriced nearly every cloud.

~~~
corford
The €12,61 I mentioned is the Flexi-Pack charge (just without VAT). There are
no other costs apart from a one off charge of ~€25 to install a switch.

~~~
merb
with the flexi pack you need to pay an additional cost of the second network
card you need.

~~~
corford
Ah ok. I've only ever rented servers from them that already had a second NIC
present (so I just needed to pay the flexi-pack charge to activate it). Didn't
realise they also sold servers with single NICs.

~~~
merb
Most of them are. Only if you use the "bigger" ones which aren't cheaper than
the cloud providers anyway so. If you care for pricing it's cheaper to either
have a colocation or a cloud or your own datacenter. Renting servers is mostly
not cheap if you need more than a single server.

I mean most people's need definitely suits inside the cloud since they don't
need to have the full capacity 24 hours. There are some other people who need
the full capacity every time, but if you run globally distributed services
you mostly run into other problems than datacenter costs.

~~~
corford
In my case, I have three servers (each with ECC 32GB, Xeon quad core, 2x3TB
disks and unlimited bandwidth), a 5 port internal switch, two public IPv4
addresses per server, a public failover IP, 300GB of network backup space and
two additional rack slots reserved in the same rack for future expansion.

The total monthly cost for this (exc. VAT) is €180. I haven't been able to
find any co-location or cloud providers that can come anywhere close to that
price for a similar resource setup.

------
sarciszewski
If anyone works for a hosting provider, please write a script that checks all
of your customers' SSH ports for identical fingerprints. If you have any
collisions, you have a problem.
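
The check suggested in the comment above, as an added example (not part of the thread and not any provider's tooling): it reads text in `ssh-keyscan` output format, computes OpenSSH-style SHA256 fingerprints and reports every key that appears on more than one host. The 192.0.2.x addresses, the key blobs and the function names are constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def make_blob(seed):
    """Constructed ssh-ed25519 public-key blob (fixed filler bytes, not a real key)."""
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()

# Constructed sample in ssh-keyscan output format: "host keytype base64-blob".
SAMPLE_SCAN = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-OpenSSH_6.7p1",
    "192.0.2.10 ssh-ed25519 " + make_blob(1),
    "192.0.2.11 ssh-ed25519 " + make_blob(1),   # same key as .10
    "192.0.2.12 ssh-ed25519 " + make_blob(2),   # unique key
    "192.0.2.13 ssh-ed25519 " + make_blob(1),   # same key as .10
    "192.0.2.14 ssh-ed25519 not-base64!!",      # malformed line, skipped
])

def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_shared_host_keys(scan_text):
    """Return {(keytype, fingerprint): [hosts]} for keys seen on more than one host."""
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, banner comment or truncated entry
        host, keytype, blob = fields[:3]
        try:
            fp = fingerprint(blob)
        except ValueError:  # binascii.Error subclasses ValueError
            continue
        hosts_by_key[(keytype, fp)].add(host)
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}

if __name__ == "__main__":
    for (keytype, fp), hosts in find_shared_host_keys(SAMPLE_SCAN).items():
        print(f"{keytype} {fp} on {len(hosts)} hosts: {', '.join(hosts)}")
```

Any non-empty result means those hosts share a private host key, so each one needs its key regenerated.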

~~~
jedisct1
Except that performing network scans, even on your own network, is illegal in
many countries.

Even in countries where this is legal, providers cannot take the risk of
running a scan that could possibly crash a customer application, or they could
be sued for that.

~~~
switch007
Which countries and under which laws?

Which T&Cs do not have a blanket clause to indemnify the hosting company in
such situations? If I accidentally reboot the virtualisation host, can my
company be sued for making the application "crash"?

~~~
AdamGibbins
There are multiple examples of legal issues mentioned on
[https://nmap.org/book/legal-issues.html](https://nmap.org/book/legal-issues.html)

------
wumwufwurd
Affected customers have received an email about the issue. I got mine about 2
hours ago.

It would be great not to publish an article like that until some time later,
so that everyone gets a chance to fix the problem on their machines before it
goes fully public - especially since it's the holiday season and some people
don't check email or news that often.

~~~
mschuster91
The problem is that as soon as you send the email, someone will leak it,
setting the usual internet machine of FUD, "this must be a fake" etc at work.

------
rwmj
Use virt-sysprep to prepare your templates.
[http://libguestfs.org/virt-sysprep.1.html](http://libguestfs.org/virt-sysprep.1.html)

------
ThomasAH
Some additional details and their mail to customers here:
[http://blogs.intevation.de/thomas/hetzner-duplicate-ed25519-...](http://blogs.intevation.de/thomas/hetzner-duplicate-ed25519-ssh-host-keys/)
"I must say, I’m impressed. Especially at this time of the year I
would have expected a slower reaction or a less detailed announcement."

------
zx2c4
Yet another reason not to use images provided by your hosting company.

In any case, if you are relying on hosting company images (complete with their
root backdoor for "performance monitoring control panel!"), it's not like you
care very much about your servers' security in the first place...

~~~
Ded7xSEoPKYNsDd
If you really believe your hosting provider puts root backdoors in your
systems, you really shouldn't run anything in a hypervisor controlled by them.

~~~
TimWolla
[http://help.ovh.com/InstallOVHkey](http://help.ovh.com/InstallOVHkey)

> In order to be able to intervene on your dedicated server without your root
> password, the automatic installation of ssh key is done. Only authorized
> employees of OVH will use it. It is not a gap in security, contrary, thanks
> to this OVH has root rights to your server and may identify the problems
> with your server. When you request an intervention, we need to have access
> to ssh.

~~~
niij
This is an opt-in process, not an opt-out. They don't have authorized keys on
your server by default, only instructions to add them if needed.

~~~
Wilya
Unless it has changed recently, it's opt-out. The instructions are mostly for
re-adding the key if you have removed it.

------
hannob
May be helpful for others:

[https://github.com/hannob/ed25519hetzner](https://github.com/hannob/ed25519hetzner)

(script to check host key and known_hosts file for vulnerable hetzner keys)

------
tshtf
This is very widespread.

I reported a similar issue on Chunkhost
([https://chunkhost.com/](https://chunkhost.com/)) back in 2011... They never
responded to my email about remediation, but hopefully the issue was fixed.

------
r0muald
I do hope this page is not the only source for the announcement, since it's a
wiki page on a non-HTTPS MediaWiki instance that runs an abysmally old and
unsupported (= unsafe) version of the software.

------
zymhan
Wasn't there a cloud hosting provider that didn't even bother cleaning out the
SSH known_hosts file?

