Red Hat Bugzilla – Bug 19756
possible key generation problem
Last modified: 2007-04-18 12:29:29 EDT
There is a possible problem with ssh key generation.
After RedHat 7.0 is installed and the computer is rebooted
then, during this first reboot ssh key is generated.
The problem is: Linux /dev/urandom random generator
is driven by keyboard and mouse events.
Network traffic and the other things do not affect the generator.
During the reboot usually no key pressed or mouse moved
so the randomness,
created during the reboot is probably too weak and can be easily guessed.
The solution I see is before ssh key generation ask user
to press some keys. Thus true random numbers will be generated
and the ssh private key will not be easily guessed as it is now.
My kernel picks up around 400 bytes of entropy during bootup prior to sshd
starting, measured by adding:
(sleep 5 ; killall dd) &
dd if=/dev/random of=/tmp/rand bs=1
to /etc/rc.d/init.d/sshd's start case.
Around 384 bytes are required in the worst case: generation of DSA host key
(which does a DSA parameter generation implicitly) and generation of an RSA key.
This is a little too close for comfort, but I think that you would have a hard
time creating a real attack out of it.
The problem could be mitigated somewhat if anaconda wrote a random seed to
/var/run/random-seed after the installation. The installer would pick up a lot
of entropy from all the disk and keyboard/mouse activity during install.
It might also be worthwhile increasing the size of the kernel entropy pool for
the 2.2 kernels (2.4 can do it through proc): 512 bytes just isn't enough,
especially if you are doing SSL or IPsec. linux/drivers/char/random.c supports
pools up to 8k.with a simple #define
To ask user for key pressing on boot isn't a good idea. What about
The real solution is to use true random HW generator in current
chipsets but this has nothing to do with openssh which simply uses
what the kernel provides.
So feel free to report enhancement requests against kernel.