xeiaso.net / site
The code and data behind xeiaso.net
5
fork

Configure Feed

Select the types of activity you want to include in your feed.

blog: anti-RSA post

Signed-off-by: Xe Iaso <me@christine.website>

Xe Iaso 1ee48a7a 9ab1724f

+131
+131
blog/move-away-rsa-ssh.markdown
··· 1 + --- 2 + title: How to move away from RSA for SSH keys 3 + date: 2023-01-04 4 + tags: 5 + - OpenSSH 6 + - RSA 7 + - ed25519 8 + - security 9 + - sre 10 + - NixOS 11 + --- 12 + 13 + <xeblog-hero ai="Stable Diffusion v1.5" file="volcano-bliss" prompt="a rolling green landscape by makoto shinkai, breath of the wild, active volcano, windows xp bliss, manga style, ((thick outlines))"></xeblog-hero> 14 + 15 + [RSA](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) is one of the most 16 + widely deployed encryption algorithms in the world. Notably, when you generate 17 + an SSH key without any extra flags, `ssh-keygen` will default to using RSA: 18 + 19 + ``` 20 + root@hiro:~# ssh-keygen 21 + Generating public/private rsa key pair. 22 + Enter file in which to save the key (/root/.ssh/id_rsa): 23 + ``` 24 + 25 + For a while cryptographers have feared that RSA is vulnerable to a quantum 26 + computing algorithm known as [Shor's 27 + Algorithm](https://en.wikipedia.org/wiki/Shor%27s_algorithm). I won't pretend to 28 + understand it in this article, but the main reason why it's not deployed is that 29 + the hardware required to attack RSA keys in the wild literally doesn't exist 30 + yet (think literally tens of generations more advanced than current quantum 31 + computers). 32 + 33 + A group of researchers have just published [a 34 + paper](https://arxiv.org/pdf/2212.12372.pdf) that posits that it's likely you 35 + can break 2048-bit RSA (the most widely deployed keysize) with a quantum 36 + computer that only uses 372 qubits of computational power. The [IBM 37 + Osprey](https://newsroom.ibm.com/2022-11-09-IBM-Unveils-400-Qubit-Plus-Quantum-Processor-and-Next-Generation-IBM-Quantum-System-Two) 38 + has 433 qubits. 39 + 40 + <xeblog-conv name="Cadey" mood="coffee">Note that quantum computers are 41 + effectively unobtainable (unless you're a research institution or you have a few 42 + small loans of billions of dollars laying around), require a team of highly 43 + specialized experts to monitor them 24/7, and aren't really usable to the 44 + general public. I highly doubt that quantum computers are going to be rolling 45 + into store shelves any time soon. I also have no idea what I'm talking about 46 + with quantum computers. Please temper your interpretations of my statements 47 + appropriately.</xeblog-conv> 48 + 49 + It may be a good time to move away from RSA keys when and where you can. Today 50 + I'm going to cover how to make SSH keys using 51 + [ed25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519) keys instead of RSA. 52 + 53 + <xeblog-conv name="Mara" mood="hacker">It's worth noting that RSA has not been 54 + broken yet, the paper in question 55 + 56 + ## Generating new keys 57 + 58 + To generate a new keypair, use the `ssh-keygen` command: 59 + 60 + ``` 61 + ssh-keygen -t ed25519 62 + ``` 63 + 64 + Make sure to set a password on that key and then you can add it to your SSH 65 + agent with `ssh-add`. Copy the public key to your clipboard (print it to the 66 + screen with `cat ~/.ssh/id_ed25519.pub`) and then you can add it to GitHub or 67 + other services you use. 68 + 69 + <xeblog-conv name="Mara" mood="hacker">Pro tip: you can get a list of machines 70 + you've SSHed into by reading your `~/.ssh/known_hosts` file. You could use a 71 + command like this:</xeblog-conv> 72 + 73 + ``` 74 + cat ~/.ssh/known_hosts | cut -d' ' -f1 | sort | uniq 75 + ``` 76 + 77 + <xeblog-conv name="Mara" mood="happy">This will get you a list of machines that 78 + you may need to update your SSH key in! Remember that your new key should go to 79 + the end of `~/.ssh/authorized_keys`!</xeblog-conv> 80 + 81 + ## Disabling RSA host keys 82 + 83 + The OpenSSH server will create a keypair for each machine it runs on. By default 84 + this creates an RSA key as well as an ed25519 key. You can disable this by 85 + adding the following line to `/etc/ssh/sshd_config`: 86 + 87 + ``` 88 + HostKey /etc/ssh/ssh_host_ed25519_key 89 + ``` 90 + 91 + <xeblog-conv name="Mara" mood="hacker">In my testing, this was the case for both 92 + NixOS and Ubuntu. If you want to be sure you're setting the right key, check the 93 + file for commented-out HostKey instructions. Uncomment whichever one contains 94 + `ed25519` in it.</xeblog-conv> 95 + 96 + If your SSH configuration file has a `Ciphers`, `HostKeyAlgorithms`, 97 + `PubkeyAcceptedAlgorithms`, or `CASignatureAlgorithms` setting in it, you may 98 + want to make sure that any `rsa` cipher or algorithm isn't present in any of 99 + them. If your distro has an option to change this system wide (such as in [Red 100 + Hat and 101 + derivatives](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening)), 102 + you may want to use that. 103 + 104 + <xeblog-conv name="Mara" mood="happy">You may want to have some kind of 105 + transition period for shared machines before you start rejecting RSA keys 106 + willy-nilly. This can break people's workflows and SSH-key-in-GPG setups. Talk 107 + with your users and work on compromises. Something something shill for the 108 + company supplying the author of this post with the money needed for food 109 + something something.</xeblog-conv> 110 + 111 + If you want to do this on NixOS, add the following configuration to either your 112 + `configuration.nix` or something that is imported by your `configuration.nix`: 113 + 114 + ```nix 115 + services.openssh.hostKeys = [{ 116 + path = "/etc/ssh/ssh_host_ed25519_key"; 117 + type = "ed25519"; 118 + }]; 119 + ``` 120 + 121 + <xeblog-conv name="Mara" mood="hacker">This tells SSH to use only an ed25519 122 + host key. By default it will also create an RSA key.</xeblog-conv> 123 + 124 + --- 125 + 126 + I hope this helps! Systems administration is full of annyoing migrations and 127 + compromises like this. Good luck out there! 128 + 129 + <xeblog-conv name="Mara" mood="hacker">Also check out [this 130 + article](https://xeiaso.net/blog/yubikey-ssh-key-storage) on how you can store 131 + an SSH key on a Yubikey or any other compliant FIDO2 key!</xeblog-conv>