OpenSSH adds protection against Spectre, Meltdown, RAMBleed

OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private keys from memory.

OpenSSH protection side-channel attacks

About OpenSSH

OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol.

It encrypts all traffic to stymie eavesdropping, connection hijacking, and similar attacks, and provides several authentication methods, a variety of configuration options and various tunneling capabilities.

The suite is incorporated into many Linux distributions and also in Windows 10 (since version 1803).

About the patch

The patch, submitted by long-time OpenBSD and OpenSSH developer Damien Miller, adds protection for private keys at rest in RAM against speculation and memory side-channel attacks (Spectre, Meltdown, Rowhammer, Rambleed, etc.).

When not in use, these private keys are encrypted with a symmetic key derived from a “prekey” consisting of 16KB of random data.

“Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely,” Miller explained.

“Implementation-wise, keys are encrypted ‘shielded’ when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised.”

The patch is a stopgap solution, as existent attacks can likely be improved to bypass it. Nevertheless, it’s welcome.

Miller expressed his hope that they will be able to remove the patch in a few years time, when new, more secure processors are developed and widely deployed.