CVE-2025-30095 - Dropbear Host Key Reuse Exposes VyOS and Debian-based Systems to SSH MITM Attacks

In early 2025, a serious security weakness has been revealed affecting VyOS versions 1.3 through 1.5 (with a fix in 1.4.2) and potentially any Debian-based OS using Dropbear alongside live-build. The core of CVE-2025-30095 is startlingly simple: affected systems may ship with the same private Dropbear SSH host keys across countless installs. This exposes users to active man-in-the-middle (MITM) attacks on SSH connections—a critical vulnerability for anyone trusting their SSH sessions.

This post breaks down the issue in clear language, shows you how to check for and fix it, and demonstrates the risks with easy code snippets.

What is Dropbear, and How Does This Happen?

Dropbear is a lightweight SSH server and client, often used in embedded or minimal Linux environments. In Debian (and distros based on it), system images are often built using a tool called live-build. OpenSSH, the default SSH server on many systems, includes a check to regenerate host keys on boot if duplicates are detected. Dropbear, unfortunately, does not.

During image creation, unless extra handling is done, the host key generated when building the image is copied into every install made from that image. Anyone who gets that key can impersonate your server.

*In VyOS, Dropbear is not the default SSH server, but is enabled for console access. Many custom router images, headless devices, and rescue systems also use Dropbear.*

Why Is It Dangerous?

The server’s SSH host key is supposed to uniquely identify it. If hundreds or thousands of systems share the same private key, an attacker can:

Download the VyOS image or another vulnerable system’s image.

- Extract the /etc/dropbear/dropbear_rsa_host_key file (or similar).

Set up a host (virtual machine, Raspberry Pi, etc.) with the duplicate host key.

- Intercept or re-route network traffic to pass through the attacker's machine (e.g., via ARP spoofing or DNS poisoning).

Example:

# Attacker sets up a Dropbear server using the extracted host key
sudo dropbear -r /path/to/extracted/dropbear_rsa_host_key -p 22

Now, users connecting to *what they think is* their VyOS router will not see a “host key changed” warning, because the key matches. The attacker can proxy traffic, record credentials, or even modify the session.

Run the following on your VyOS or any Debian-like system using Dropbear

sha256sum /etc/dropbear/*host_key 2>/dev/null || echo "No Dropbear keys found"

- If the hash matches the one found in a public image or another install, your device is not unique and is vulnerable.

Mitigation: How To Fix the Problem

The recommended solution is to remove existing Dropbear host keys and generate new ones unique to your hardware:

# Remove old keys
sudo rm -f /etc/dropbear/*key*
sudo rm -f /etc/dropbear-initramfs/*key*

# Generate a new RSA key
sudo dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key

# Restart Dropbear (or reboot)
sudo systemctl restart dropbear # or use service dropbear restart

Who Else Is at Risk?

- Any Debian, Ubuntu, or derivative live image using Dropbear with live-build and not implementing a key rotation step.

Custom router or IoT builds

- Rescue/recovery/installer environments

OpenSSH has a built-in protection: if live-build is detected, it will regenerate host keys on first boot. Dropbear does not, leading to this unique vulnerability.

References

- Original Security Advisory: Debian Security Tracker CVE-2025-30095
- VyOS Advisory: VyOS Blog Security Fixes (Jan 2025)
- Dropbear Project: Dropbear SSH - Lightweight SSH Server
- Live-build Documentation: Debian Live Build Manual

Summary Table

| System | Dropbear by default | Affected if built with live-build | Patched Version |
|-----------------------|---------------------|-----------------------------------|------------------------|
| VyOS 1.3.x / 1.4.-1 | Console only | Yes | 1.4.2+ |
| Debian-based Rescue | Often | Yes | N/A (fix manually) |
| OpenSSH only systems | No | No (has safeguard) | - |

Conclusion

CVE-2025-30095 is a stark reminder of the risks lurking in convenience. If your system uses Dropbear and was imaged via live-build, check your keys *today*. Re-generate them before going into production, and always upgrade to the latest security releases.

Don't let a duplicate key open the door for attackers. Patch now, and share this with anyone running VyOS, embedded Debian, or custom SSH-enabled builds!


*This post is original and exclusive for this platform. If reproduced, please attribute and link back. Thanks for reading—stay secure!*

Timeline

Published on: 03/31/2025 15:15:44 UTC
Last modified on: 04/11/2025 14:15:24 UTC