SSH RSA host key changed

After a review of our security practices brought on by the recent Debian ssh key security issue (which does not affect our FreeBSD-based service), we’ve decided to upgrade the strength of our RSA ssh host key from 1024 bits to the same length that we recommend you use, 4096 bits.

The correct/current RSA host key:

fc:89:a1:64:74:70:a4:82:58:c1:73:4e:72:59:63:56


This naturally changes the host key fingerprint, and is likely to cause warnings for people who have previously connected. This doesn’t indicate a security problem, but you should compare the new key against its fingerprint.

You can verify this on our secure site in the member FAQ.

We have not changed the DSA key, as limitations in the DSA algorithm render longer keys pointless. We discourage but will continue to allow the use of DSA keys.

We apologize to anyone alarmed by the ALL CAPITAL LETTERS!! warnings that ssh applications tend to produce when a host key changes. The new key length should guarantee that we don’t have to change it again for a good long time.

In other key-related news, we scanned all member ssh keys for the Debian weak keys and notified everyone who appeared to be affected. Since there are exploits in the wild, we will shortly be removing any remaining weak keys, and we will not accept any new weak keys for access to member sites.

7 Comments

RSS feed for comments on this post.

  1. I was working away and was, not alarmed, but surprised to find the ssh key had changed. It is good to know it’s not someone actually trying to do something nasty as my ssh client claimed might be happening.

    Comment by Alan Linton — May 17, 2008 #

  2. I understand that it’s important to move quickly when fixing holes, but since this was a policy change and not a reaction to an actual security breach, what do you think about announcing these sort of things a few days before implementing the changes?

    We’re a fast-moving company. We try to give appropriate advance notice depending on the significance of a change without turning even the most minor update into a bureaucratic nightmare. With a trivial (in its effect) change of this nature, we felt that the time most people would want information about it would be at the time they encountered the change. -jdw

    Comment by Ken Dreyer — May 18, 2008 #

  3. You guys run a tight ship. 😀

    Comment by Brad — May 19, 2008 #

  4. Nice work! I haven’t gotten an email about a weak key, so I’m assuming that I should be safe 😛

    That’s not necessarily a safe assumption. If you were running affected Debian versions, you should update and regenerate and replace your keys. I believe the key blacklist is known to produce both false positives and false negatives, so should not be the sole measure of safety. -jdw

    Comment by Charlie Melbye — May 20, 2008 #

  5. A timely warning, since I just now got the ALL CAPITALS WARNING and headed over here to see “What’s up, Doc?” 🙂

    As usual, well-done with keeping on top of security.

    Comment by Bumpy Light — May 22, 2008 #

  6. Thank you. The capital letters didn’t alarm me too much, since I see them all the time on my home network when I reload a machine.

    It’s good to see this info posted. I know some other hosts that would make the change without any kind of announcement. (Sometimes not even telling the support staff about the change, making for some very confused customers)

    Comment by Nesman — May 25, 2008 #

  7. The relevant member FAQ entry (q=SSH) needs to be updated, as it does not contain the rs2 key.

    The relevant FAQ entry is actually this one; we’ve changed the one you’re referring to to point to it. -jdw

    Comment by GreenReaper — June 13, 2008 #

Sorry, the comment form is closed at this time.

Entries Feed and comments Feed feeds. Valid XHTML and CSS.
Powered by WordPress. Hosted by NearlyFreeSpeech.NET.

NFSN