Security Advisory - SSH host keys in micro VMs

Hi everyone,

There’s a security issue affecting some micro VMs deployed from our official images, which includes most solutions in the Playground. These images have hard-coded SSH host keys, and an attacker can potentially use them to eavesdrop on or inject commands into SSH sessions. If you have such a deployment that you access via SSH, please read on for details on how to address it.

Affected deployments

Ubuntu and Debian based micro VMs. This includes most of our solutions like Peertube, Taiga, etc.

Until a fix is released, this also includes all new deployments from these images.

Full VMs are not affected.

Issue detected

The micro VM images include hard-coded SSH host keys that are not regenerated at the time of deployment. These keys become publicly available when the images are published and are also shared between every deployment of the same image.

Potential attack

Host key exposure opens the possibility of a man-in-the-middle (MITM) attack, whereby an attacker can eavesdrop on and inject commands into an SSH session by intercepting traffic between a user and their VM.

Such attacks are very difficult to execute, because they require redirecting network traffic. Generally this would mean that the attacker has also compromised a piece of networking gear in the route between the user and the VM.

Since all traffic over Yggdrasil and WireGuard is end-to-end encrypted, this vulnerability does not apply to SSH sessions conducted over Yggdrasil or WireGuard. However, rotating the host keys as described below is still recommended.

Mitigation

It is possible to rotate the host keys inside the VM to secure all future communication. In fact, periodic rotation of host keys is a recommended practice for all systems accessed via SSH.

However, if a MITM attack were successfully carried out, the attacker could potentially infect the VM with malware, and host key rotation is not a mitigation for malware. If you are concerned about that possibility, destroying and redeploying any potentially affected VMs is the best option.

Host key rotation

Complete the following steps to rotate host keys inside your VM:

rm /etc/ssh/ssh_host_*
ssh-keygen -A

The changes will take effect for all future SSH sessions. It’s not necessary to restart the SSH server or the VM.

After you’ve done this, you might also need to remove or update the relevant line from your known_hosts file (or equivalent for SSH clients other than OpenSSH) before being able to connect again.
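To check which of your deployments still present the same host key, before or after rotation, you can group their public host keys by fingerprint. The following is an added example, not part of the original advisory: it assumes input lines in the `host keytype base64key` layout printed by ssh-keyscan, and the host names and key bytes in it are constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_lines):
    """Map fingerprint -> sorted hosts, for keys seen on more than one host."""
    hosts_by_key = defaultdict(set)
    for line in scan_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 3:
            continue  # not a "host keytype key" line
        host, _keytype, blob = fields[:3]
        try:
            hosts_by_key[fingerprint(blob)].add(host)
        except ValueError:
            continue  # key field is not valid base64
    return {fp: sorted(h) for fp, h in hosts_by_key.items() if len(h) > 1}


def _constructed_ed25519_line(host, key_bytes):
    """Build a scan line from constructed (non-real) 32-byte key material."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed sample: vm-a and vm-b still carry the image key, vm-c was rotated.
SAMPLE_SCAN = [
    "# vm-a.example:22 SSH-2.0-OpenSSH",
    _constructed_ed25519_line("vm-a.example", b"\x01" * 32),
    _constructed_ed25519_line("vm-b.example", b"\x01" * 32),
    _constructed_ed25519_line("vm-c.example", b"\x02" * 32),
]

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} is shared by: {', '.join(hosts)}")
```

Any fingerprint this reports belongs to a key present on more than one VM, so each listed host still needs the rotation steps above.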