Two neOpenSSHw vulnerabilities, CVE-2016-0777 and CVE-2016-0778, were found yesterday on the OpenSSH project which allows a malicious SSH server to steal the client’s private keys when using the roaming undocumented feature. So, if you have to connect to any server that is not under your control (including git over SSH through third-party services like GitHub or Bitbucket), keep reading!

Vulnerability details

Since version 5.4, the OpenSSH client (this is important, only the client) supports an undocumented feature called roaming. This feature is useful to resume an SSH session if the connection breaks unexpectedly. Unfortunately, it is enabled by default in all OpenSSH clients, and can be used by malicious servers to steal the client’s private keys thanks to information leak and a buffer overflow.

How can I protect myself?

Security patches are being released, but in the meantime it can be hot-fixed by setting the undocumented option “UseRoaming” to “no”.

Linux:

$ echo 'UseRoaming no' | sudo tee -a /etc/ssh/ssh_config

MacOS:

$ echo "UseRoaming no" >> ~/.ssh/config

What about my server? Should I upgrade?

It is not necessary. The roaming feature is not supported by the OpenSSH server, so the vulnerability only affects to clients connecting to SSH servers. If you connect to a malicious server or in case it is compromised, you might be sharing your private key.

Further reading