I am working on an embedded device that runs FreeBSD and SSH.
As you know, sshd likes to randomly generate a set of server keys when it first boots up. The problem is that we will be shipping the product with a read-only sd-card filesystem (non-negotiable).
My two options as I see them are:
- Ship the same sshd server keys on all devices
- Mount a memory file system and generate the server keys on each boot (slow…)
Is it a major security problem to ship the same server keys on all devices? These items will not be directly on the internet. There will occasionally be multiple devices owned by the same person and on the same network.
Most of the time the device will not be connected to the internet.
Logging in with SSH is not part of normal operation. It is mostly for the convenience of the programmers and technicians. Customers will not be logging in to the device with SSH.
What are the ramifications of using the same server keys on multiple hardware devices?
PS could someone please create an internet-of-things tag?
EDIT: I am talking about installing the same host private keys on all servers (devices). As far as user public/private keys, there are currently no plans to use key based login – it would be password login. Again, same password on all servers (devices).
I know that this is probably a bad idea. I’d like to know why precisely it is a bad idea though so I can understand the tradeoffs.
Rather than storing host-specific data such as ssh host keys on the SD card or other read-only media, you can store this in NVRAM, which is what it’s for on an embedded system. You’ll need to do some custom scripting to store and retrieve the keys at boot time, but the scripts will be exactly the same for every device.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.