Overview

A flaw in OpenSSH, discovered and reported by Qualys on Jan. 14, 2016, could potentially allow an information leak (CVE-2016-0777) or buffer overflow (CVE-2016-0778) via the OpenSSH client. Specifically, an undocumented feature called roaming, introduced in OpenSSH version 5.4, can be exploited to expose a client’s private SSH key.

Impact

The roaming feature, which allows clients to reconnect to the server automatically should the connection drop (on servers supporting the feature), can be exploited in the default configuration of OpenSSH clients from versions 5.4 through 7.1p1, but is not supported in the default configuration of the OpenSSH server.

All versions of OpenSSH clients from 5.4 through 7.1p1 are affected for anyone who connects via SSH on the following operating systems:

• Linux
• FreeBSD
• Mac OS X
• Windows when using OpenSSH for Windows

The following are not affected:

• OpenSSH servers in default configuration
• Windows users utilizing PuTTY to connect
• Connections not authenticated via an SSH key

Summary

A connection made from an affected client to a compromised or malicious server which uses an SSH key for authentication potentially could expose all or part of the user’s private SSH key.

If the key utilized to authenticate the connection is encrypted, only the encrypted private key could be exposed. However, a malicious party could attempt to brute-force the password offline after obtaining the encrypted key.

Is Your SSH Client Vulnerable?

You can check the version of your SSH client by running the following command:

ssh -V

That will produce output similar to:

workstation$ $ ssh -V
OpenSSH_7.1p2, OpenSSL 1.0.2e 3 Dec 2015

If the version is below 7.1p2, the SSH client is affected.

Resolution

1. Update your OpenSSL client: Check for any updates to your SSH client and apply them immediately.
2. Patch older clients: If an update is not yet available for your operating system, you may disable the roaming feature on affected clients by adding the line “UseRoaming no” to your ssh configuration file. You can do so directly or via one of the methods below:
   • On Linux, you can run the following command to add the necessary line:echo 'UseRoaming no' | sudo tee --append /etc/ssh/ssh_config

     And restart ssh.

   • On a Mac running OS X, you can run the command:echo "UseRoaming no" >> ~/.ssh/config

     You will need to close any active SSH sessions or log out and log back in to ensure the change has taken effect.

3. Change existing SSH keys: If you’re using keys to authenticate SSH connections, you should generate new keys as soon as possible. You can find instructions for generating a key and uploading it to your server at: Using SSH Keys. Please note: If you currently are using the same key to connect to multiple servers, you may wish to consider using unique keys in the future in light of the potential scope of this vulnerability. You also should ensure you are using a strong passphrase for any key you generate.