OnApp sells a "complete IaaS platform" for hosting providers to offer 
virtual servers. Their platform ships with templates (disk images) for 
many different operating systems, which it automatically customizes 
(passwords, network settings, etc.) when a new virtual server is deployed.

During each deployment, the platform removes and regenerates the SSH RSA 
and DSA host keys that are included with the template.

However, it fails to remove and regenerate the ECDSA host keys in its 
templates for newer operating system releases that support ECDSA. All 
customers using these templates are using the same ECDSA host key, 
unless they have been alert or cautious enough to rekey themselves. They 
are gravely vulnerable to attacks on their SSH sessions.

Because I'm not an OnApp customer and do not have direct access to a 
copy of their product, I've been unable to confirm all version(s) of 
their platform or components that may be vulnerable. These templates, 
built in 2012-2013, are vulnerable when used in at least one recent 
OnApp release:

Arch Linux 2012.12 x64
Debian 7.1 Plesk x64
Debian 7.2 x64
Gentoo 12.1 x64
Ubuntu 12.04 x64

I reported this issue to OnApp on March 16, 2014 with a tentative 
disclosure date of April 16, 2014.

As of April 15, 2014, OnApp Support reports that Debian 7 templates have 
been updated.

As of May 8, 2014, none of OnApp's release notes have mentioned this 
issue, and the Debian 7.2 x64 template remains vulnerable on at least 
one OnApp customer's deployment.

It is trivially easy for attackers to identify vulnerable systems. Hosts 
using OnApp should immediately contact all customers that are 
potentially affected. Customers of OnApp-based hosts who are using 
ECDSA-capable SSH daemons should immediately rekey.

-- 
James Renken
Sandwich.Net, LLC
https://www.sandwich.net/