Skip to content

May 15, 2008

Mitigating SSH Vulnerabilities Using Single Packet Authorization

Note: This is a 2008 post I managed to recover from my archive of

This past week has seen a bit of activity on the SSH security front. To begin with, on Tuesday (13/05/08) Linux distributions Debian and Ubuntu announced that due to a flaw in the random number generator used to generate cryptographic keys used by OpenSSL, OpenSSH and OpenVPN, making these keys far more predictable than they should be, and can be discovered by performing a brute force attack. This is particularly true of the encryption keys used by OpenSSH. HD Moore of the Metasploit project has created a page cover these vulnerabilities, with links to tools that can be used to check for weak keys, as well as key blacklists.

Coincidentally, on Wednesday (14/05/08) a number of network administrators issued warnings of increased brute force and dictionary attacks on systems running SSH. It is believed, however, that these increased attacks are most likely unrelated to the vulnerabilities disclosed in SSH the day before.
As a result of the vulnerability disclosures, users of Ubuntu and Debian systems are not only strongly encouraged to update their software, but also delete all cryptographic keys generated between September 2006 and the 13th of May 2008, and re-generate new keys. Some Debian system administrators, whose systems make significant OpenSSH and OpenVPN, frantically trying to determine which systems are vulnerable and where new keys need to be generated.
As you can expect, due to the nature of services like SSH, it is quite a crucial service to keep secure. Doing so is potentially a complex task due to brute force/dictionary attacks, weak key attacks, and 0day exploits. This is one area in particular where Single Packet Authorization (SPA) excels.
SPA is a method for keeping a host’s firewall completely closed down until a valid authorization packet is received, which will then allow the authorized client to connect during a very short timeframe. As such, an attacker cannot even reach the SSH daemon in order to carry out the attacks mentioned above. This would give system administrators a lot more breathing room for carrying out updates, re-generating keys, etc. It essentially adds an extra layer of security, and adds to the concept of defense-in-depth which is an important part good all-round security.

A very robust implementation of SPA is the Firewall Knock Operator (fwknop), developed in Perl by Michael Rash, which includes features such as replay-protection. I’ll be posting a tutorial on setting up fwknop on OS X very soon. Aldaba, another implementation by Luis Martin Garcia, is written entirely in C, and offers similar functionality to fwknop. Finally the latest implementation that has come to my attention in the past few days is “Ramius“, written entirely in Bash by John Brendler. Although I have not tested it yet, it’s good to see new implementations using readily-available tools.

Share your thoughts, post a comment.


Note: HTML is allowed. Your email address will never be published.

Subscribe to comments