Hi everyone out there,

I just found out that the ssh command doesn't use DIRECT IO to open *.pem, which means the private key goes to the page cache, which means an attacker may exploit Meltdown to discover the user's private key. I may come up with a POC for that if anybody is interested; I'm basing my work on the tool I created for checking whether a system is vulnerable by exploiting MELTDOWN, see: https://github.com/raphaelsc/Am-I-affected-by-Meltdown

Check the strace output when connecting to an instance via ssh:

open("/home/utroz/.ssh/raphaelsc_aws.pem", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0400, st_size=1696, ...}) = 0
read(4, "-----BEGIN RSA PRIVATE KEY-----\r"..., 4096) = 1696
close(4)

I think we are possibly interested in switching to DIRECT IO (given that it bypasses any caching system, including the page cache) when reading the *.PEM file, to prevent something like this from ever happening in the future. It turns out we can't rely on processors anymore to secure our data safely; even though Linux will now be safe after the KAISER patchset, users may have it disabled or mistakenly run an unpatched kernel.

I'm interested in writing a patch for that, if you guys want me to. I'd need directions on where to look (searching the source code now...) and where to send the patch. That's going to be my first patch for the project, and I'd be really happy about doing it.

Regards,
Raphael Carvalho.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
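An added example of the direct-I/O read the post proposes. This is editor-written illustration code, not OpenSSH code and not the poster's: it reads a key file with O_DIRECT into a page-aligned, mlock()ed buffer, respects the alignment rules O_DIRECT imposes (buffer address, offset and request length must be multiples of the device block size, which is why the request is rounded up and the kernel clips the count at EOF, exactly as the strace line `read(..., 4096) = 1696` shows), and falls back to a buffered read, with a flag the caller can act on, when the filesystem refuses O_DIRECT with EINVAL (tmpfs is the usual case). The names `struct keybuf`, `read_key_direct`, `keybuf_wipe`, `demo_roundtrip`, `DIO_ALIGN`, the temp-file path and the placeholder key text are all assumptions made for the example.

```c
/* Added example (not OpenSSH code): read a key file with O_DIRECT so its bytes
 * bypass the page cache. Build: cc -std=gnu11 -Wall -o direct_key direct_key.c */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_DIRECT
#define O_DIRECT 0 /* libc does not expose it here: direct I/O unavailable */
#endif

/* O_DIRECT needs buffer address, file offset and request length aligned to the
 * device's logical block size; 4096 satisfies every common device. */
#define DIO_ALIGN 4096

struct keybuf {          /* assumed helper type for this example */
    char *data;          /* page-aligned, mlock()ed buffer */
    size_t len;          /* bytes actually read */
    size_t cap;          /* allocation size, a multiple of DIO_ALIGN */
    int used_direct;     /* 1 if the kernel honoured O_DIRECT, 0 if we fell back */
};

/* Zero the key material with volatile stores the compiler cannot elide,
 * then unlock and free the buffer. */
void keybuf_wipe(struct keybuf *kb)
{
    if (!kb->data) return;
    volatile unsigned char *v = (volatile unsigned char *)kb->data;
    for (size_t i = 0; i < kb->cap; i++) v[i] = 0;
    munlock(kb->data, kb->cap);
    free(kb->data);
    kb->data = NULL; kb->len = kb->cap = 0;
}

/* Read all of `path` into kb. Returns 0 on success, -1 on error (errno set).
 * EINVAL from open() or from the first read() means the filesystem refuses
 * direct I/O; we then retry through the page cache but record that in
 * used_direct so the caller can warn or refuse. */
int read_key_direct(const char *path, struct keybuf *kb)
{
    memset(kb, 0, sizeof *kb);
    int direct = O_DIRECT != 0;
    int fd = open(path, O_RDONLY | O_CLOEXEC | O_DIRECT);
    if (fd < 0 && errno == EINVAL && direct) {
        direct = 0;
        fd = open(path, O_RDONLY | O_CLOEXEC);
    }
    if (fd < 0) return -1;

    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) { close(fd); errno = EINVAL; return -1; }

    /* Request a whole number of blocks; a short read at EOF is fine, but the
     * length we ask for must itself stay aligned. */
    size_t cap = ((size_t)st.st_size + DIO_ALIGN - 1) / DIO_ALIGN * DIO_ALIGN;
    if (cap == 0) cap = DIO_ALIGN;
    void *buf = NULL;
    if (posix_memalign(&buf, DIO_ALIGN, cap) != 0) { close(fd); errno = ENOMEM; return -1; }
    (void)mlock(buf, cap); /* best effort: keep the key out of swap as well */

    size_t got = 0;
    for (;;) {
        ssize_t n = read(fd, (char *)buf + got, cap - got);
        if (n > 0) { got += (size_t)n; if (got == cap) break; continue; }
        if (n == 0) break;
        if (errno == EINTR) continue;
        if (errno == EINVAL && direct && got == 0) {
            /* open() accepted O_DIRECT but the read path rejects it: go buffered. */
            close(fd); direct = 0;
            fd = open(path, O_RDONLY | O_CLOEXEC);
            if (fd >= 0) continue;
        }
        int saved = errno;
        if (fd >= 0) close(fd);
        kb->data = buf; kb->cap = cap; keybuf_wipe(kb);
        errno = saved; return -1;
    }
    close(fd);
    kb->data = buf; kb->len = got; kb->cap = cap; kb->used_direct = direct;
    return 0;
}

/* Demo: write a constructed placeholder "key" (not a real key) to a temp file,
 * read it back through read_key_direct, and return 1 if the bytes match. */
int demo_roundtrip(void)
{
    static const char sample[] =
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "constructed-placeholder-not-a-real-key\n"
        "-----END RSA PRIVATE KEY-----\n";
    char path[] = "/tmp/direct_key_demo_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) { strcpy(path, "direct_key_demo_XXXXXX"); fd = mkstemp(path); }
    if (fd < 0) return 0;
    ssize_t want = (ssize_t)(sizeof sample - 1);
    if (write(fd, sample, (size_t)want) != want) { close(fd); unlink(path); return 0; }
    close(fd);

    struct keybuf kb;
    int rc = read_key_direct(path, &kb);
    unlink(path);
    if (rc != 0) return 0;
    int ok = kb.len == (size_t)want && memcmp(kb.data, sample, kb.len) == 0;
    printf("read %zu bytes, O_DIRECT %s\n", kb.len,
           kb.used_direct ? "honoured" : "refused, fell back to the page cache");
    keybuf_wipe(&kb);
    return ok;
}

int main(void) { return demo_roundtrip() ? 0 : 1; }
```

Two things worth checking before relying on this in a real patch: O_DIRECT is a Linux-specific flag and is silently absent or refused on some filesystems, so the `used_direct` flag is the only honest signal a caller gets; and O_DIRECT only keeps the file's bytes out of the page cache, while the parsed key still lives in the process's own memory afterwards, which is why the buffer is also mlock()ed and wiped rather than simply freed.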