The Internet Storm Center (ISC) at SANS is raising the alarm with a yellow alert on the flaw. According to ISC handler Bojan Zdrnja, the development of automated scripts exploiting key-based SSH authentication looks like a real threat to SSH servers around the world. In a blog post, Zdrnja argued that public keys generated on any Debian-based machine between September 2006 and 13th of May 2008 are vulnerable.
"It is obvious that this is highly critical -- if you are running a Debian or Ubuntu system, and you are using keys for SSH authentication (ironically, that's something we've been recommending for a long time)," Zdrnja wrote. "In other words, those secure systems can be very easily brute forced."
Security researcher HD Moore, leader of the Metasploit security effort, has gone a step further, explaining in a public post how he was able to brute force 1024-, 2048- and 4096-bit keys. The flaw itself exists in a Debian-specific version of the OpenSSL package, which generates the keys that are used in OpenSSH. Even though OpenSSL is widely used by other Linux distributions, they are not necessarily at risk, according to Moore.
"The flaw in question was introduced by a Debian-specific patch," Moore told InternetNews.com. "This patch was not pushed upstream to the OpenSSL folks, so only distributions based on Debian have this issue."
"It's obviously a very significant issue being a remote exploit," Canonical CEO Mark Shuttleworth told InternetNews.com.
Shuttleworth added that folks who have applied the update are in a good position. He also said that Ubuntu is very responsive on security and that its primary focus is to be able to respond to any issue that may arise.
"We do have a substantial amount of pro-active security in the system," Shuttleworth explained. "Where we design the configuration of the system so services are isolated from one another. So a compromise in one service doesn't affect the rest of the system."
Moore noted that even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system. Tools and patches have been released by Debian and Ubuntu to fix the issue and identify any potentially vulnerable keys.
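The audit described above can be sketched as follows. This is an added example, not code from Debian, Ubuntu or Moore: it parses authorized_keys lines, computes the legacy MD5 fingerprint of each key blob and checks it against a list of known-weak fingerprints. The function names, the sample lines and the `WEAK` set are constructed for illustration, and the published weak-key list is assumed to be available as full MD5 hex fingerprints.

```python
import base64
import hashlib
import struct

def _mpint(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # mpint body, spare top bit
    return struct.pack(">I", len(raw)) + raw

def make_line(modulus, comment, options=""):
    """Build a CONSTRUCTED ssh-rsa authorized_keys line (not a usable key)."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(modulus)
    return f"{options} ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()

def _fields(blob):
    # Split a public-key blob into its length-prefixed fields
    out, off = [], 0
    while off + 4 <= len(blob):
        (n,) = struct.unpack_from(">I", blob, off)
        out.append(blob[off + 4: off + 4 + n])
        off += 4 + n
    return out

def parse_entry(line):
    """Return (type, bits, md5_hex, comment), or None for a non-key line."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok not in ("ssh-rsa", "ssh-dss"):
            continue  # option text, not the key-type field
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue  # not base64, so not a key blob
        f = _fields(blob)
        if len(f) < 3 or f[0] != tok.encode():
            continue  # blob does not declare the same key type
        size = f[2] if tok == "ssh-rsa" else f[1]  # RSA modulus n / DSA prime p
        bits = int.from_bytes(size, "big").bit_length()
        return tok, bits, hashlib.md5(blob).hexdigest(), " ".join(tokens[i + 2:])
    return None

def audit(lines, weak_fingerprints):
    """Return parsed entries whose MD5 fingerprint is on the weak-key list."""
    entries = (parse_entry(l) for l in lines if not l.lstrip().startswith("#"))
    return [e for e in entries if e and e[2] in weak_fingerprints]

# Constructed sample file and a hypothetical stand-in for the published weak-key list.
SAMPLE = ["# deploy accounts",
          make_line((1 << 1023) | 12345, "backup@oldbox", 'command="/usr/bin/rsync --server"'),
          make_line((1 << 2047) | 1, "admin@laptop")]
WEAK = {parse_entry(SAMPLE[1])[2]}
```

Because the match is on the key itself rather than on the host it sits on, the same check applies to authorized_keys files on systems that never ran the Debian package.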
"Any SSH server that uses a host key generated by a flawed system is subject to traffic decryption and a man-in-the-middle attack would be invisible to the users," Moore explained in his post.
Though Moore was able to crack the keys, the brute force methods used require a certain degree of computing power. Moore noted in an FAQ about the keys he was able to brute force that he used a 31 Xeon core cluster clocked at 2.33 GHz. Using that large cluster, it took two hours to generate the 1024-bit and 2048-bit RSA keys for x86. Other keys, including 4096-, 8192- and even 16384-bit keys, could also be generated given enough time.
Rohit Dhamankar, senior manager of security research at TippingPoint, noted that it's not uncommon to see a large volume of brute force attempts against servers. While OpenSSH is now being targeted, brute force crackers also typically target Microsoft SQL servers, trying to guess username and password combinations.
Dhamankar noted that time isn't the only defense a user might have. Intrusion Prevention Systems (IPS) can be set to deny IP addresses after a certain number of tries.