Mailing List Archive

OpenSSH Wipe Keys from RAM on Suspend
Hi. There is a new cryptsetup feature that is supposed to protect user
data while the PC is in standby. It wipes the key from RAM when sleep
events are triggered. While it protects LUKS, other data and keys loaded
in RAM at the time are still vulnerable to forensic recovery. Can you
please consider adding a sleep key cache wipe feature to OpemSSH?

[1] https://blog.freesources.org//posts/2020/08/cryptsetup-suspend/

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: OpenSSH Wipe Keys from RAM on Suspend [ In reply to ]
On Sat, 2020-09-19 at 23:17 +0000, procmem@riseup.net wrote:
> Hi. There is a new cryptsetup feature that is supposed to protect
> user data while the PC is in standby. It wipes the key from RAM when
> sleep events are triggered. While it protects LUKS, other data and
> keys loaded in RAM at the time are still vulnerable to forensic
> recovery. Can you please consider adding a sleep key cache wipe
> feature to OpemSSH?

It already exists:

ssh-add -D

you just have to plumb it in to the suspend hooks. It's also not
really the big problem: most people have gnome-keyring/kde-wallet
manage these keys. Nowadays it runs ssh-agent under the covers and adds the keys from the config files based on the passwords in the login keyring, so you'd have to lock the login keyring as well on suspend and unlock it on resume ... probably by hooking the screensaver password in to it somehow and then have it re-populate ssh-agent. That's a lot of highly distro specific plumbing.

James


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev