MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat

Thu, Jan 14, 2016 11:09 pm

OpenSSH Roaming Vulnerability

Ars Technica published an article today titled Bug that can leak crypto keys just fixed in widely used OpenSSH which explained how a compromise of a SSH server running OpenSSH software could lead to the server being used to capture data from the memory of systems that have connected to the server via SSH including private keys for users connecting to the server.

The vulnerability resides only in the version end users use to connect to servers and not in versions used by servers. A maliciously configured server could exploit it to obtain the contents of the connecting computer's memory, including the private encryption key used for SSH connections. The bug is the result of code that enables an experimental roaming feature in OpenSSH versions 5.4 to 7.1

"The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys," OpenSSH officials wrote in an advisory published Thursday. "The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers."

The roaming feature was intended to allow users to resume broken SSH connections, even though the feature was disabled in OpenSSH server software years ago. E.g., when I connected to a server I have running OpenSSH server software, I saw the folowing:

$ ssh -v jdoe@ 2>&1 >/dev/null | grep -i 'roaming'
debug1: Roaming not allowed by server

The Red Hat article on the vulnerability OpenSSH: Information-leak vulnerability (CVE-2016-0777) notes:

Since version 5.4, the OpenSSH client supports an undocumented feature called roaming. If a connection to an SSH server breaks unexpectedly, and if the SSH server supports roaming as well, the client is able to reconnect to the server and resume the interrupted SSH session. The roaming feature is enabled by default in OpenSSH clients, even though no OpenSSH server version implements the roaming feature.

For affected products, the article also notes:

Red Hat Enterprise Linux 7 since version 7.1 has provided OpenSSH 6.6 for which the default configuration is not affected by this flaw. OpenSSH 6.6 is only vulnerable to this issue when used with certain non-default ProxyCommand settings. Security update RHSA-2016-0043 corrects this issue.

So CentOS 7 systems using a default OpenSSH configuration should be unaffected, since CentOS is derived from Red Hat Enterprise Linux.

On a Linux system, you can check the version of SSH installed with ssh -V.

$ ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

On a CentOS Linux system using the RPM Package Manager you can also use rpm -qi openssh | grep Version.

$ rpm -qi openssh | grep Version
Version     : 6.6.1p1

On a CentOS system, you can update the software from the command line, aka a shell prompt, using the command yum update openssh.

If you are using a vulnerable OpenSSH client, you can also specify the -oUseRoaming=no parameter on the command line to ensure that a malicious server can't take advantage of the vulnerability. E.g. ssh -oUseRoaming=no Or the feature can be disabled for all users on a system by putting UseRoaming no in /etc/ssh/ssh_config or by an individual user for his account by adding the line to ~/.ssh/config.

echo 'UseRoaming no' >> /etc/ssh/ssh_config


  1. Bug that can leak crypto keys just fixed in widely used OpenSSH
    Date: January 14, 2016
    Ars Technica
  2. Fixing The New OpenSSH Roaming Bug
    By: ScriptRock
    ScriptRock Blog
  3. OpenSSH: Information-leak vulnerability (CVE-2016-0777)
    Updated: January 14, 2016
    Red Hat Customer Portal
  4. Security OpenSSH Security Bug CVE-2016-0777 & CVE-2016-0778
    Date: January 4, 2016

[/network/ssh] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo