Ubuntu – Does reinstalling openssh-server change the host key


I recently noticed several ssh brute force attacks on my server that runs Ubuntu and openssh-server. Besides taking some countermeasures I have naturally become extra careful. When I tried to ssh into the server this morning I got the DNS spoofing warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for somehost.com has changed,
and the key for the corresponding IP address xx.xx.xxx.xxx
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

The IP address has most likely changed; that wouldn't be surprising. But I have not changed the Ubuntu setup recently. However, I reinstalled openssh-server by executing

sudo apt-get remove openssh-server

and reinstalling it with

sudo apt-get install openssh-server

This makes me think that the host key only depends on the directory /etc/ssh/. In my case it looks like this:

drwxr-xr-x   2 root root   4096 Sep  3 19:12 .
drwxr-xr-x 160 root root  12288 Sep 27 08:41 ..
-rw-r--r--   1 root root 300261 Aug 11 18:24 moduli
-rw-r--r--   1 root root   1756 Aug 11 18:24 ssh_config
-rw-r--r--   1 root root   2542 Sep  3 19:09 sshd_config
-rw-------   1 root root    668 Apr 21 15:27 ssh_host_dsa_key
-rw-r--r--   1 root root    606 Apr 21 15:27 ssh_host_dsa_key.pub
-rw-------   1 root root    227 Apr 21 15:27 ssh_host_ecdsa_key
-rw-r--r--   1 root root    178 Apr 21 15:27 ssh_host_ecdsa_key.pub
-rw-------   1 root root    411 Apr 21 15:27 ssh_host_ed25519_key
-rw-r--r--   1 root root     98 Apr 21 15:27 ssh_host_ed25519_key.pub
-rw-------   1 root root   1675 Apr 21 15:27 ssh_host_rsa_key
-rw-r--r--   1 root root    398 Apr 21 15:27 ssh_host_rsa_key.pub
-rw-r--r--   1 root root    338 Sep  3 19:12 ssh_import_id

Today is Sep 27, so none of the ssh_host* files have changed since April. I'm not exactly sure if the user's public key influences the host key. So just to be sure, I checked the user ssh directory ~/.ssh/, which looks like this:

drwx------  2 user user 4096 Sep  5 18:41 .
drwxr-xr-x 49 user user 4096 Sep 27 08:43 ..
-rw-------  1 user user  748 Apr 21 19:20 authorized_keys
-rwx------  1 user user 3326 Jan 21  2016 id_rsa
-rw-rw-rw-  1 user user  748 Jan 21  2016 id_rsa.pub
-rw-r--r--  1 user user 2726 May  3 13:00 known_hosts

So the user public key hasn't changed either.

Question: Is there anything else that influences the host key or the host fingerprint? Anything that I am not taking into account? Is it possible that reinstalling openssh-server changed the host key? If yes, where are the files that were updated?

[EDIT]
I have meanwhile checked the ECDSA fingerprint on the server itself by executing (see this for details)

$ nmap localhost --script ssh-hostkey

and the fingerprint matches the one that is shown in the spoof notice. So it seems that it is not the server that has changed but rather the known_hosts file on the machine that I was using to connect to the server. Maybe Germar is right and the IP address matched a server that I connected to earlier. I am still not exactly sure why I got the spoofing notice. But unless the nmap command is spoofed as well (I assume it is not) I should have a secure connection.

Best Answer

Your original host keys would be deleted if you had purged openssh-server, using either apt-get purge openssh-server or apt-get remove --purge openssh-server. In this case the keys would be regenerated, and would naturally be different. If openssh-server was just removed, the key files should not have been touched on reinstallation.

The host keys do indeed only depend upon the files in /etc/ssh/, unless ssh is configured to look elsewhere. This would be evident by any unusual looking HostKey lines in /etc/ssh/sshd_config. The default HostKey lines are:

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

It is definitely worth checking the file to see whether you're using host keys from a non-standard location, as your key files appear not to have been modified.

If the keys on the server are as expected, the warning is most likely being generated at the client end of things. As Germar said, the problem could be caused by reuse of a dynamically assigned IP address which had previously been used by another server.
