[RndTbl] ssh can blab private keys early _nixCraft

Sean Cody sean at tinfoilhat.ca
Thu Jan 21 22:30:09 CST 2016

Those are two very different issues. :)
But yeah, on systems that do not implement ASLR it can leak heap memory.

Qualys did a great job on this find.

Easy mitigations are to use an ssh-agent instead and disable roaming on the clients (no official Crapple patch yet, though if you are using keychain you have an ssh-agent so you're fine [that is, the private key is not stored in the same process space as the client], and Host *\nUseRoaming=no >> ~/.ssh/ssh_config).

Sending pub keys is not a bad thing... if you are trying to build a footprint then collecting keys is interesting.
Best practice is to generate key pairs for every system you connect to, but in practice per organization is fair (i.e. a different key for github, home, nifty, work, etc.), and leveraging ssh-agent makes that rather painless.

Yeah, I'm not dead... just not at a proper personal computron much these days.


> On Jan 21, 2016, at 12:14 AM, jd <jd at wcgwave.ca> wrote:
> ssh (certain version) appears to volunteer rather much, before getting down & crypty.
> via nixCraft (on facecrack) **
> https://www.facebook.com/nixcraft/posts/1217637954916247
> Fix:
> http://www.cyberciti.biz/faq/howto-openssh-client-security-update-cve-0216-0777-cve-0216-0778/
> ** Image attached - termscrot of ssh attempt on a fake nastynode, via nixCraft:
> ssh_Caution_nixCraft.png
> <ssh_Caution_nixCraft.png>
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/roundtable

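The two client-side mitigations Sean describes (a global UseRoaming no, and one key per organization so the client does not offer every public key it has to every host) as an added example; this is not code from the thread or from nixCraft. It assumes a POSIX sh with grep and printf, takes the config file path as an argument so it never touches ~/.ssh/config unless you point it there, and the host patterns and key paths in the usage block are placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread). Applies the client-side
# mitigations discussed above to an ssh_config file passed as $1.
# Assumes POSIX sh, grep and printf. Host patterns and key paths below
# are placeholders.

# ssh_has_setting FILE KEYWORD VALUE
# Succeeds if FILE already carries "KEYWORD VALUE" or "KEYWORD=VALUE"
# (case-insensitive, leading whitespace allowed). Comment lines start
# with '#' and therefore never match the anchored pattern.
ssh_has_setting() {
    grep -Eiq "^[[:space:]]*$2[[:space:]=]+$3[[:space:]]*$" "$1" 2>/dev/null
}

# has_host_block FILE HOSTPATTERN
# Succeeds if FILE already has an unindented "Host HOSTPATTERN" line.
# Fixed-string, whole-line match, so patterns such as '*' are safe.
has_host_block() {
    grep -Fxiq "Host $2" "$1" 2>/dev/null
}

# count_host_blocks FILE HOSTPATTERN -> number of "Host HOSTPATTERN" lines
count_host_blocks() {
    grep -Fxic "Host $2" "$1" 2>/dev/null || true
}

# disable_roaming FILE
# Appends a global "Host *" block with UseRoaming no unless the keyword is
# already set somewhere in the file. Idempotent: a second run adds nothing.
# ssh_config uses the first value obtained for a keyword, so an earlier
# per-host block is not overridden by this trailing global one.
disable_roaming() {
    ssh_has_setting "$1" UseRoaming no && return 0
    printf '\nHost *\n    UseRoaming no\n' >> "$1"
}

# pin_key FILE HOSTPATTERN KEYFILE
# Adds a per-host block that offers only KEYFILE to HOSTPATTERN.
# IdentitiesOnly yes stops the client from cycling through every key the
# agent holds, which is what lets a remote host collect your public keys;
# ssh-agent still does the signing if KEYFILE is loaded there.
pin_key() {
    has_host_block "$1" "$2" && return 0
    printf '\nHost %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' "$2" "$3" >> "$1"
}

# Usage: sh harden_ssh_config.sh ~/.ssh/config
# Only runs when a file argument is given; the patterns are placeholders.
if [ -n "$1" ]; then
    disable_roaming "$1"
    pin_key "$1" 'github.com'    '~/.ssh/id_github'
    pin_key "$1" '*.example.org' '~/.ssh/id_work'
fi
```

Two caveats: UseRoaming is only recognised by the affected client versions, so once OpenSSH is updated the line does nothing and can be dropped, and ssh -G hostname prints the effective configuration if you want to confirm which IdentityFile entries will be offered to a given host.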
