Recently I lent my Orange Pi PC2 to a friend, and he failed to set up an SSH connection w/ it.
After debugging w/ an HDMI monitor, I found that ssh_host_ecdsa_key, ssh_host_ed25519_key and ssh_host_rsa_key are preloaded in the Orange Pi PC2 image, which prevented SSH from working.
Even if it doesn't prevent SSHD from working, it's also a severe security hole -- that means all Armbian installations with the same image will use the same host key and they're vulnerable to MITM attacks.
I think these files should be purged when generating the image, and regenerated on first power-up. It's what AOSC OS images do.
Question
Icenowy
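The purge-at-build and regenerate-at-first-boot approach proposed in the post, sketched as an added example; this is not Armbian's or AOSC OS's own script. The function names and the idea of passing the mounted image root as an argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: SSH host-key hygiene for a distributable image.
# Each function takes ROOT: the mounted image root at build time,
# or "/" on the running board. Names are hypothetical.

# Audit: print every private host key found under ROOT, one per line.
list_host_keys() {
    root=${1:-/}
    for f in "$root"/etc/ssh/ssh_host_*_key; do
        # An unmatched glob stays literal, so test before printing.
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Image build step: delete private keys and their .pub halves,
# then fail the build (non-zero status) if any key survived.
purge_host_keys() {
    root=${1:-/}
    rm -f "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub
    [ -z "$(list_host_keys "$root")" ]
}

# First-boot step: generate fresh keys only when none exist, so a
# later reboot never replaces keys that clients already trust.
regen_host_keys_if_missing() {
    root=${1:-/}
    if [ -n "$(list_host_keys "$root")" ]; then
        return 0
    fi
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    mkdir -p "$root/etc/ssh"
    # -A creates each default host key type that is missing;
    # -f sets the path prefix placed in front of /etc/ssh.
    ssh-keygen -A -f "$root" >/dev/null
}
```

Running `list_host_keys` against a mounted release image before publishing it gives a quick check that no private host key ships to every user.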