Hi,
I am in the process of setting up passwordless ssh login and out of curiosity checked out the /etc/ssh directory in a brand new clean installation of OSMC.
I was surprised to see three sets of key pairs in addition to the usual ssh_config. What are these for and how were they created?
Since they are in an otherwise virgin installation does that mean somebody else on the wan can access my system unknown to me because the keys were not created on my system?
No.
They’re created on first boot, by your device.
I suspect the directory looks like this:
root@VERO4K-DEVEL:/home/osmc# ls /etc/ssh
moduli ssh_host_ed25519_key sshd_config
ssh_config ssh_host_ed25519_key.pub sshd_config.distributed
ssh_host_ecdsa_key ssh_host_rsa_key
ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub
See osmc/package/ftr-osmc at master · osmc/osmc · GitHub
Check other Linux systems if you’re not sure
It is possible you got hacked
https://discourse.osmc.tv/t/urgent-vulnerability-in-all-osmc-systems
I found a massive vulnerability in OSMC
Absolutely not.
As a security researcher, if you genuinely believe there is such an issue you should practice responsible disclosure.
Sam
If you want to setup key based ssh login I hope you have read up on the concept and understood that the keys for authentication are stored for each user in their own home directory (in this case /home/osmc/.ssh/authorized_keys)
Keys in /etc/sshd/ are hosts keys that are required to setup the encrypted connection regardless if you are using passwords or keys for authentication.
Brilliant and thanks to all. I am somewhat assured on security and worked out the keys were generated on first boot. I was having problems with ownership having removed the offending key with ssh-keygen because the new file was owned by root. I have it sorted now.
Regarding security my remaining concern is that downloaded add-ons may make me vulnerable. Am now installing VPN.