OpenSSH Fixes Side Channel Attacks
Memory side-channel vulnerabilities like RAMBleed, Spectre, and Meltdown are on the rise. OpenSSH is often at the center of attacks where a bad actor “exploits memory read vulnerabilities to steal secret SSH private keys from the restricted memory regions of the system,” according to The Hacker News.
The root cause of this issue is the fact that the OpenSSH agent stores a copy of the SSH keys in memory (RAM or CPU), eliminating the need to enter a passphrase to log into the server via SSH. Since these keys are stored in either RAM or CPU in plaintext, they are susceptible to attacks.
The OpenSSH community is now fixing this issue through an update. OpenSSH will now encrypt private keys before storing them in system memory.
“Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely,” said Damien Miller of the OpenBSD project on a mailing list.
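The following sketch is an added example, not OpenSSH's code. It shows why a large prekey defeats a noisy memory read: the symmetric key is a hash of the whole prekey, so a single misread bit yields a useless key. The 16 KB prekey size and SHA-512 derivation follow OpenSSH's shielding design but are assumptions here since the article does not state them; the SHAKE-256 XOR stream is a stand-in for the real cipher (AES-256-CTR), and all function names are hypothetical.

```python
import hashlib
import secrets

PREKEY_LEN = 16 * 1024  # bytes of random prekey (assumption: OpenSSH's size)

def derive_key(prekey: bytes) -> bytes:
    # The symmetric key depends on every bit of the prekey (SHA-512 assumed).
    return hashlib.sha512(prekey).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher: XOR with a SHAKE-256 keystream, NOT OpenSSH's AES-256-CTR.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def shield(private_key: bytes) -> tuple[bytes, bytes]:
    # Fresh random prekey per shielding; memory then holds prekey + ciphertext.
    prekey = secrets.token_bytes(PREKEY_LEN)
    return prekey, keystream_xor(derive_key(prekey), private_key)

def unshield(prekey: bytes, shielded: bytes) -> bytes:
    return keystream_xor(derive_key(prekey), shielded)

def flip_bit(buf: bytes, bit_index: int) -> bytes:
    # Model one misread bit in a side-channel reconstruction of the prekey.
    out = bytearray(buf)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def full_recovery_probability(bit_error_rate: float, nbytes: int = PREKEY_LEN) -> float:
    # Chance that all prekey bits are read correctly, assuming independent errors.
    return (1.0 - bit_error_rate) ** (nbytes * 8)

if __name__ == "__main__":
    secret = b"constructed sample bytes, not a real SSH private key"
    prekey, shielded = shield(secret)
    print("exact prekey  :", unshield(prekey, shielded) == secret)
    print("1 bit misread :", unshield(flip_bit(prekey, 4242), shielded) == secret)
    for rate in (1e-6, 1e-4, 1e-2):  # constructed error rates for illustration
        p = full_recovery_probability(rate)
        print(f"bit error rate {rate:g}: P(full prekey) = {p:.3g}")
```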