SSH key cloning problem in OnApp templates

OnApp sells a "complete IaaS platform" for hosting providers to offer virtual servers. Their platform ships with templates (disk images) for many different operating systems, which it automatically customizes (passwords, network settings, etc.) when a new virtual server is deployed.

During each deployment, the platform removes and regenerates the SSH RSA and DSA host keys that are included with the template.

However, it fails to remove and regenerate the ECDSA host keys in its templates for newer operating system releases that support ECDSA. All customers using these templates are using the same ECDSA host key, unless they have been alert or cautious enough to rekey themselves. They are gravely vulnerable to attacks on their SSH sessions.

Because I'm not an OnApp customer and do not have direct access to a copy of their product, I've been unable to confirm all version(s) of their platform or components that may be vulnerable. These templates, built in 2012-2013, are vulnerable when used in at least one recent OnApp release:

Arch Linux 2012.12 x64
Debian 7.1 Plesk x64
Debian 7.2 x64
Gentoo 12.1 x64
Ubuntu 12.04 x64

I reported this issue to OnApp on March 16, 2014 with a tentative disclosure date of April 16, 2014.

As of April 15, 2014, OnApp Support reports that Debian 7 templates have been updated.

As of May 8, 2014, none of OnApp's release notes have mentioned this issue, and the Debian 7.2 x64 template remains vulnerable on at least one OnApp customer's deployment.

It is trivially easy for attackers to identify vulnerable systems. Hosts using OnApp should immediately contact all customers that are potentially affected. Customers of OnApp-based hosts who are using ECDSA-capable SSH daemons should immediately rekey.

–
James Renken
Sandwich.Net, LLC
https://www.sandwich.net/