OpenSSH, a suite of programs used to secure network connections, was found last week to have a serious vulnerability that could trick client computers into leaking private cryptographic keys. Here's what you need to know and what you need to do if you are using OpenSSH.
The security bug was found by researchers at security firm Qualys and affects OpenSSH versions 5.4 through 7.1. OpenSSH officials published an advisory stating that the vulnerability affects only the client, the version end users run to connect to servers, and does not affect OpenSSH as used by servers.
The security flaw originates from OpenSSH's roaming function, which allows the client to reconnect to a server and resume a suspended SSH session if a server breaks unexpectedly. The feature is on by default. The leaking of private keys can only occur after the client computer has been successfully authenticated by the server.
"The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers," OpenSSH officials said in the advisory. While this does reduce the chances of the vulnerability being exploited, Qualys noted that the bug could already have been used by attackers (not surprising given that version 5.4 was released over five years ago):
"The information leak is exploitable in the default configuration of the OpenSSH client, and (depending on the client's version, compiler, and operating system) allows a malicious SSH server to steal the client's private keys. This information leak may have already been exploited in the wild by sophisticated attackers, and high-profile sites or users may need to regenerate their SSH keys accordingly."
OpenSSH has already issued patches for this latest vulnerability and urged users on the affected versions of the software to update to the newest one, which is OpenSSH 7.1p2. For those who can't upgrade, the advice is to turn off the roaming function. Here are Qualys' instructions on how to do this:
The vulnerable roaming code can be permanently disabled by adding the undocumented option "UseRoaming no" to the system-wide configuration file (usually /etc/ssh/ssh_config), or per-user configuration file (~/.ssh/config), or command-line (-o "UseRoaming no").
You can find out how to mitigate the bug for different scenarios in Qualys' advisory.
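One way to check that the "UseRoaming no" mitigation quoted above really applies to every host in a given configuration file. This is an added example, not code from Qualys or the OpenSSH project; the function name `roaming_disabled` and the sample host name are hypothetical, and it assumes ssh_config's rule that the first value obtained for an option is the one used.

```shell
#!/bin/sh
# Added example: audit one ssh_config-style file for "UseRoaming no".
# ssh uses the FIRST value it obtains for an option, so a host-specific
# "UseRoaming yes" placed before the global "no" still leaves that host exposed.

# roaming_disabled FILE -> exit 0 if roaming is off for every host, 1 otherwise.
roaming_disabled() {
    awk '
    BEGIN { global = 1; verdict = 1 }       # unset counts as enabled (the default)
    {
        line = $0
        sub(/^[ \t]+/, "", line)             # drop leading whitespace
        sub(/[ \t]+$/, "", line)             # drop trailing whitespace
        if (line == "" || line ~ /^#/) next  # skip blank lines and comments
        sub(/[ \t]*=[ \t]*/, " ", line)      # "Key=Value" -> "Key Value"
        n = split(line, f, /[ \t]+/)
        key = tolower(f[1]); val = tolower(f[2])
        gsub(/"/, "", val)                   # values may be quoted
        # Options before the first Host line, or under "Host *", apply to all hosts.
        if (key == "host")  { global = (n == 2 && f[2] == "*"); next }
        if (key == "match") { global = 0; next }   # conservative: treat as host-specific
        if (key != "useroaming") next
        if (val == "no" && global) { verdict = 0; exit }  # mitigation covers all hosts
        if (val != "no")           { verdict = 1; exit }  # roaming enabled somewhere
        # "no" inside a host-specific block only: keep looking for a global setting
    }
    END { exit verdict }
    ' "$1"
}

# Constructed sample: a host-specific override placed before the global setting.
sample=$(mktemp)
printf '%s\n' 'Host legacy.example' '  UseRoaming yes' \
              'Host *' '  UseRoaming no' > "$sample"
if roaming_disabled "$sample"; then
    echo "roaming disabled for all hosts"
else
    echo "roaming still enabled for at least one host"
fi
rm -f "$sample"
```

Run the function against both the system-wide file and the per-user file; a pass on either one is enough only if nothing on the command line re-enables the option.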