OpenBSD Secure Shell (OpenSSH) is a suite of networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel in a client–server architecture over an unsecured network.

While there have been several side-channel vulnerabilities in modern processors and DRAMs, such as the infamous Spectre and Meltdown, which side-channel attacks leveraged the OpenSSH application installed on PC, whereby an attacker-owned process exploits memory read vulnerabilities to steal secret SSH private keys from the restricted memory of the system.

An OpenSSH agent keeps a copy of SSH key in the memory to make it easier for you to connect to the same remote server, instead of typing your password every time you want to access the server; and with modern operating systems storing sensitive data, like encryption keys and passwords, in the kernel memory; since SSH keys live on the CPU memory in plaintext format, makes it susceptible to attacks involving memory read vulnerabilities.

Now, the OpenSSH developers has released an update that resolves this rather huge security flaw by introducing new security feature that encrypts private keys before eventually storing it in the system memory, thus protecting it against all the known types of side-channel attacks.

The new update encrypt private keys in OpenSSH using a symmetric key derived from a relatively large "prekey" consisting of random data, and it's to serve as an effective mitigation against the threat rather than a permanent solution.

OpenSSH will now Encrypt Private Keys with relatively large "prekey" consisting of Random data



OpenBSD Secure Shell (OpenSSH) is a suite of networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel in a client–server architecture over an unsecured network.

While there have been several side-channel vulnerabilities in modern processors and DRAMs, such as the infamous Spectre and Meltdown, which side-channel attacks leveraged the OpenSSH application installed on PC, whereby an attacker-owned process exploits memory read vulnerabilities to steal secret SSH private keys from the restricted memory of the system.

An OpenSSH agent keeps a copy of SSH key in the memory to make it easier for you to connect to the same remote server, instead of typing your password every time you want to access the server; and with modern operating systems storing sensitive data, like encryption keys and passwords, in the kernel memory; since SSH keys live on the CPU memory in plaintext format, makes it susceptible to attacks involving memory read vulnerabilities.

Now, the OpenSSH developers has released an update that resolves this rather huge security flaw by introducing new security feature that encrypts private keys before eventually storing it in the system memory, thus protecting it against all the known types of side-channel attacks.

The new update encrypt private keys in OpenSSH using a symmetric key derived from a relatively large "prekey" consisting of random data, and it's to serve as an effective mitigation against the threat rather than a permanent solution.

No comments