I view holes in ssh as a “big deal”, so today’s announcement of a major hole in ssh sent chills down my spine. While any attack against it would have to be sophisticated - involving the compromise of the ssh server itself in the first place - there are plenty of attacks and high value targets out there.
A single malicious server that I have talked to - say for example - one implanted at github - could have leaked my private keys for my own servers and services. Or vice versa.
I talk to a lot of ssh servers. Unlike some, I rely on very few other forms of infrastructure besides ssh - the command line is my friend, and I script a lot of things. I have nailed up tunnels, backup servers, and other services all basically secured by ssh - which, given the constant churn in TLS security, I was happy with, until today. In all my planning not once did I envision a server side hole that could leak my private client keys.
I will regard this as an “oops” on my part - what I should have been doing is generating a unique public keypair per public service I’d been interoparting with. That way only that key could have been compromised.
This is, in part, a client side vulnerability - so first - close up the client by adding the right stuff to the ssh_config files everywhere. Or (as it turned out) doing an apt-get update; apt-get upgrade; everywhere. I am so happy that the major distro vendors handle this sort of thing rapidly and efficiently.
Terriffic, you are no longer vulnerable.
But had you exchanged any traffic with a compromised server in the past your keys could have been exposed, so now you need to revoke them all! And can you still trust any of your servers elsewhere?
But it’s worse than that - now I need to remember everywhere I have a passwordless login…
Fortunately for many things I have a pdsh implementation so I can push out changes easily. I use quite a few accounts worldwide, though, and after`
One of my long term concerns is the quality of random number generation on ssh-keygen on virtual hosts. I don’t know what to do about that.
It’s a bad idea to have cut myself off from something I’ve forgot about, so I set up an at job to delete my old keys after a month
I do wish ssh had TOFU (trust on first use) - it would help… ‘cause now I have to wipe out .known_hosts everywhere.
The rathole goes on and on and on.