How bad is it to have multiple devices with the same SSH server keys?

Solution 1:

Rather than storing host-specific data such as ssh host keys on the SD card or other read-only media, you can store this in NVRAM, which is what it's for on an embedded system. You'll need to do some custom scripting to store and retrieve the keys at boot time, but the scripts will be exactly the same for every device.

Solution 2:

The impact of shipping the same key pair with all your devices is directly related to the security of the clients connecting to them, as it means that there is no way (from an SSH client) to uniquely identify the device it may be connecting to. Should your key pair be leaked, it could be used for MITM attacks.

On the other hand, regenerating the keys on each boot, will also trigger an alert on the clients.

For reference, from man ssh(1):

ssh automatically maintains and checks a database containing identification for all hosts it has ever been used with. Host keys are stored in ~/.ssh/known_hosts in the user's home directory. Additionally, the file /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification ever changes, ssh warns about this and disables password authentication to prevent server spoofing or man-in-the-middle attacks, which could otherwise be used to circumvent the encryption. The StrictHostKeyChecking option can be used to control logins to machines whose host key is not known or has changed.

Solution 3:

It sounds like in the first option, the SSH keys would be available on the SD card. So any user could take the card and read them out. So basically your private keys have become (mostly) public.

This will allow man-in-the-middle attacks, like the following:

  1. A user sets up a SSH server with the private keys obtained from your device and gives that IP address to your technician.
  2. Your technician inputs the root password over the SSH connection.
  3. The user now knows the root password that is valid for all your devices.

However, you shouldn't be using root passwords in the first place, use ssh keys for authentication instead. Then the impact of shared server keys is pretty small if you only log on from a LAN.

SSH also provides forward secrecy, so an attacker has to be able to setup a false server to benefit from the keys; passively sniffing the traffic will not allow decrypting it.

Solution 4:

I read this in horror! I who have done multiple machines in the same cluster with the same ssh host key would never dare do this. Do not under any circumstances allow machines with different sets of administrators to share ssh host keys. That way lies madness and screaming horror when you get posted for your lack of security.

Behold I tell you the truth, he who compromises one device compromises all of them. Once obtained one, expect bad people to jump from one to another at will and the security rolled back as though it were thin paper.