OpenSSH exposes a high-risk vulnerability, which may expose the private key.

OpenSSH exposes a high-risk vulnerability, which may expose the private key.

OpenSSH releases the new client version and fixes a high-risk vulnerability that may leak the private key. The vulnerability exists in the version used by end users and does not affect the version used by the server. The vulnerability affects OpenSSH v5.4 to 7.1, which is related to a code for the default enabled experimental roaming function, it allows a malicious server to exploit the vulnerability to access the memory content of a networked computer and obtain the private key used by the user for SSH connection.

According to the SSH design, even if a user connects to a malicious host, the host only knows your public key and does not know the private key you are using. However, this vulnerability allows a malicious host to steal the private key, and then attackers can use the stolen key pair to penetrate into other network facilities of the user. Security researchers warned that the vulnerability may have been exploited. OpenSSH recommends that you update the vulnerability immediately.

For more information about OpenSSH, see the following links:

Install and configure OpenSSH in Ubuntu Server 13.10

Install OpenSSH remotely on Ubuntu

Solve the latency problem during remote login through OpenSSH

Offline installation of OpenSSH in Ubuntu 12.10

OpenSSH upgrade steps and precautions

Solutions for failures of common OpenSSH users

General thread: OpenSSH key management, Part 1 Understanding RSA/DSA authentication

Install OpenSSH and configure the sftp lock directory for RedHat

This article permanently updates the link address: