ssh-vulnkey: How to test weak SSH keys on your server

This might be stale news to most security-alert people, but I felt compelled to write this post nevertheless. By this time most security-alert people have realised that a serious security vulnerability has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems, and a lot of sites have published information about it [1] [2] [3] [4] [5].

This vulnerability caused OpenSSL to generate “common” and predictable keys, which are easily cracked with a brute-force algorithm. In the extreme case, some of the keys were successfully cracked in 2 hours. For longer keys, an 8192-bit RSA keyset might take as little as 129 days to generate, as opposed to hundreds of years if the keys were generated securely.

Which Ubuntu Linux systems are affected?
As the Ubuntu Linux operating system is based on Debian, it inherited Debian's vulnerability. Users who generated keys under Ubuntu 7.04, Ubuntu 7.10 or Ubuntu 8.04 LTS before updating to the new OpenSSL package via automatic updates (that is, before May 13 2008) are all affected by this vulnerability.

Other systems which use keys generated by Debian and the above-mentioned Ubuntu systems are also affected, as the keys might allow a malicious third party to abuse the system. SSH logins which use these keys can no longer be considered secure, and their users are advised to update their SSH keys immediately.

How to check against weak SSH keys?
A system is only as strong as the security measures (in this case, the key) protecting it. By using ssh-vulnkey as detailed in Ubuntu Security Notice 612-2, you can detect weak keys on your system and update them accordingly.

Run the “sudo ssh-vulnkey -a” command to check for weak keys:

ssh-vulnkey -a
Not blacklisted: 2048 fa:2e:1d:a6:84:64:a1:80:c4:31:68:5a:b0:1a:cb:fe /etc/ssh/ssh_host_rsa_key.pub
Not blacklisted: 1024 f4:34:04:85:58:a0:6b:0a:a1:b9:2d:3b:e6:19:5a:76 /etc/ssh/ssh_host_dsa_key.pub
COMPROMISED: 2048 5c:10:8a:c0:55:8c:1f:d9:4b:05:f0:35:0a:0d:2f:5c /home/someuser/.ssh/authorized_keys
Not blacklisted: 2048 a7:b4:3e:41:18:cb:f7:68:5e:4f:ae:30:14:d2:17:fd /home/someuser/.ssh/authorized_keys
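
On a machine with many accounts the interesting lines are easy to miss, so the output can be triaged by a small filter. The script below is an added example, not part of the original post or of ssh-vulnkey itself; the function names `vulnkey_report` and `sample_output` are made up for illustration, and it assumes the line layout shown above (any line in another layout is counted as unrecognised rather than as safe).

```shell
#!/bin/sh
# Added example (not from the original post): triage `ssh-vulnkey -a` output
# in the format shown above: "<status>: <bits> <fingerprint> <path>".

# vulnkey_report: reads ssh-vulnkey output on stdin and prints
#   COMPROMISED <path> <bits> <fingerprint>
# for every weak key, followed by a summary line.
# Exit status: 1 = compromised key found, 2 = a line could not be classified
# (treat as "not verified"), 0 = every key reported as not blacklisted.
vulnkey_report() {
    awk '
        /^[ \t]*$/ { next }                       # ignore blank lines
        /^COMPROMISED: [0-9]+ [0-9a-f:]+ / {
            path = $0
            sub(/^COMPROMISED: [0-9]+ [0-9a-f:]+ /, "", path)  # keeps spaces
            print "COMPROMISED", path, $2, $3
            bad++
            next
        }
        /^Not blacklisted: / { ok++; next }
        { other++ }                               # unknown status or format
        END {
            printf "summary: %d compromised, %d not blacklisted, %d unrecognised\n", bad, ok, other
            if (bad) exit 1
            if (other) exit 2
        }
    '
}

# The sample output from this post, used as demo input.
sample_output() {
    cat <<'EOF'
Not blacklisted: 2048 fa:2e:1d:a6:84:64:a1:80:c4:31:68:5a:b0:1a:cb:fe /etc/ssh/ssh_host_rsa_key.pub
Not blacklisted: 1024 f4:34:04:85:58:a0:6b:0a:a1:b9:2d:3b:e6:19:5a:76 /etc/ssh/ssh_host_dsa_key.pub
COMPROMISED: 2048 5c:10:8a:c0:55:8c:1f:d9:4b:05:f0:35:0a:0d:2f:5c /home/someuser/.ssh/authorized_keys
Not blacklisted: 2048 a7:b4:3e:41:18:cb:f7:68:5e:4f:ae:30:14:d2:17:fd /home/someuser/.ssh/authorized_keys
EOF
}

sample_output | vulnkey_report || echo "exit status: $?"
```

On a live system the input would come from `sudo ssh-vulnkey -a | vulnkey_report`; the non-zero exit status makes it usable from cron or a monitoring check.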

More information about the OpenSSL security vulnerability in Debian / Ubuntu:

Using lsb_release to get Ubuntu release information

Sometimes when you are about to ask a question or get help with something related to your Linux computer, you might be asked which distro and which release of the distro you are using.

The same goes if you need to fix something or install binary packages on someone else’s computer. The first thing you should know is the name of the distro and the release they are using. The simplest way is to use the “lsb_release” command, which is included on most modern GNU/Linux operating systems.

Just run: lsb_release -a
And you will be given the information you need to install binary packages, submit a bug report or determine which solution is best for the particular distro.

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 7.10
Release:        7.10
Codename:       gutsy

Ubuntu Hardy Python XML error bugfix – xml.dom.ext

This was brought to my attention when I was working on Python code to parse XML documents. I found out that in Ubuntu Hardy, the python-xml package has moved the xml.dom.ext.* package to /usr/lib/python2.5/site-packages/oldxml, thus breaking Python code which depended on python-xml.

One way to work around this bug is to append:

import sys
sys.path.append('/usr/lib/python%s/site-packages/oldxml' % sys.version[:3])

just before you import stuff from xml.dom.ext.*. Hope that would help you.

Get cool “Powered by Ubuntu” sticker locally in Malaysia

Are you an Ubuntu user? Then you can proudly display it with one of the “Powered by Ubuntu” stickers stamped on your computers. The only problem was, it used to be difficult to get one of those stickers as they were not offered in Malaysia.

Fortunately, Kebayan IT now offers “Powered by Ubuntu” stickers at a reasonable price in Malaysia. They offer the stickers at RM3/piece (without shipping), with each piece containing 9 “Powered by Ubuntu” stickers in various colors.

Now you can turn this

Into this

How cool is that? Please visit the Kebayan IT Ubuntu Stickers website for more information.

How to enable USB-Serial Port adapter (RS-232) in Ubuntu Linux

Though some might argue that serial ports are a thing of the past, they are still the most popular port for those who are into electronics DIY. Building an electronic device with a serial port interface is cheaper than building one that uses USB. That is the reason why people still sell USB-Serial adapters to electronics DIY enthusiasts.

Here’s how to enable a USB-Serial port adapter in Ubuntu Linux (with credit to Freeman from the RepRap forum).

First plug the USB-Serial port adapter into one of your USB ports. Wait a couple of seconds, then run “dmesg”. You should see these messages at the end of the dmesg output.

usb 1-1: new full speed USB device using uhci_hcd and address 2
usb 1-1: configuration #1 chosen from 1 choice 

After that, unplug the device and type “lsusb”. You will see output similar to this.

Bus 003 Device 001: ID 0000:0000  
Bus 002 Device 007: ID 03f0:4f11 Hewlett-Packard 
Bus 002 Device 006: ID 05e3:1205 Genesys Logic, Inc. Afilias Optical Mouse H3003
Bus 002 Device 004: ID 15d9:0a33  

Plug the USB-Serial port adapter back in and run “lsusb” again, and you will see an additional line, like this.

Bus 003 Device 001: ID 0000:0000  
Bus 002 Device 007: ID 03f0:4f11 Hewlett-Packard 
Bus 001 Device 002: ID 4348:5523 --- --- --- (notice the additional line!)
Bus 002 Device 006: ID 05e3:1205 Genesys Logic, Inc. Afilias Optical Mouse H3003
Bus 002 Device 004: ID 15d9:0a33  

Now we know the vendor ID and the product ID of the USB-Serial port adapter. This enables us to load the Linux kernel module “usbserial” to activate the device, like this:

sudo modprobe usbserial vendor=0x4348 product=0x5523 

Run “dmesg” again and you will see lines similar to these:

usbserial_generic 1-1:1.0: generic converter detected
usb 1-1: generic converter now attached to ttyUSB0
usbcore: registered new interface driver usbserial_generic 

As you can see, the new serial port device is mapped to /dev/ttyUSB0. You can instruct Ubuntu to load this module automatically by including the line “usbserial vendor=0x4348 product=0x5523” in the “/etc/modules” file.
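
The unplug/replug comparison above can be scripted. This is an added example, not part of the original post; the function names `usbserial_line` and `demo` are made up for illustration, and the two listings are assumed to have been saved beforehand with `lsusb > before` and `lsusb > after`.

```shell
#!/bin/sh
# Added example (not from the original post): derive the usbserial options
# from two saved `lsusb` listings, taken without and with the adaptor.

# usbserial_line BEFORE_FILE AFTER_FILE
# Prints "usbserial vendor=0xVVVV product=0xPPPP" for each vendor:product ID
# that appears more often in AFTER_FILE than in BEFORE_FILE. Counting IDs
# instead of comparing whole lines tolerates bus/device renumbering and
# trailing description text.
usbserial_line() {
    awk '
        # lsusb lines look like: Bus 001 Device 002: ID 4348:5523 [name]
        $5 != "ID" || $6 !~ /^[0-9a-f]+:[0-9a-f]+$/ { next }
        FILENAME == ARGV[1] { seen[$6]++; next }      # baseline listing
        {
            seen[$6]--
            if (seen[$6] < 0) {                        # surplus ID: new device
                split($6, id, ":")
                printf "usbserial vendor=0x%s product=0x%s\n", id[1], id[2]
            }
        }
    ' "$1" "$2"
}

# Constructed demo input, modelled on the listings shown above.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
Bus 003 Device 001: ID 0000:0000
Bus 002 Device 007: ID 03f0:4f11 Hewlett-Packard
Bus 002 Device 006: ID 05e3:1205 Genesys Logic, Inc. Afilias Optical Mouse H3003
Bus 002 Device 004: ID 15d9:0a33
EOF
    cat > "$dir/after" <<'EOF'
Bus 003 Device 001: ID 0000:0000
Bus 002 Device 007: ID 03f0:4f11 Hewlett-Packard
Bus 001 Device 002: ID 4348:5523
Bus 002 Device 006: ID 05e3:1205 Genesys Logic, Inc. Afilias Optical Mouse H3003
Bus 002 Device 004: ID 15d9:0a33
EOF
    usbserial_line "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

The printed line is the one to place in /etc/modules; prefixed with `sudo modprobe` it is the command used earlier.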

Bonus: What applications benefit from a USB-Serial port adapter?
For starters, there are modems which use the RS-232 serial port. Some home-made devices, such as infrared remote controls that use LIRC, also depend on the serial port.

I use the adaptor to hook up my morse keyer in order to send morse code through the internet using Xchat CWIRC plugin. The site has an excellent circuit diagram to build such interface.

You can see my home-made morse code oscillator here : My Homemade Morse Code Practice Oscillator

Where can I get a USB to Serial port converter?
You can get one from your local computer stores or order it online!