Important: Action May Be Required – Vulnerability in SSH Agent Forwarding

Dear Valued Customer,

We are writing to bring your attention to a critical security matter regarding SSH Agent Forwarding. You may have received an email on this matter last week.

Who is affected?
Customers who use SSH connections from terminal emulator programs like dL4Term, PowerTerm, or PuTTY to log in to their systems with a user login and password are not affected by the recent SSH vulnerability. However, if you use SSH Agent Forwarding, which is enabled by the ‘-A’ flag as in the command ‘ssh -A <user>@<servername>’, we strongly advise you to discontinue using SSH Agent Forwarding immediately and switch to an alternative solution.

What servers are affected?

The vulnerability affects:

  • CentOS (Version 8.x and older)
  • RHEL (Version 7.x or older)
  • Amazon Linux servers

What is the root cause?
The root cause is a vulnerability in OpenSSH before version ‘9.3p2’. Additionally, because these operating systems have reached “End-of-Life” (EOL) status, no official security patches are available.

What to do if you’re affected?
To ensure the utmost security of your systems, we recommend taking the following actions:

  1. If you are currently using SSH Agent Forwarding, please stop using this feature immediately, as even non-privileged users may gain unauthorized access using forwarded keys on an affected OS.
  2. We also encourage customers on Linux operating systems that have reached “End-of-Life” to reach out to us to schedule an upgrade to RHEL 8 or Rocky8, which are currently supported operating systems offering improved security and regular updates for issues like these.
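
One way to check a host for step 1, as an added example that is not Dynamic Concepts' own tooling: the script reports whether the local OpenSSH predates 9.3p2 and lists every client configuration line that turns agent forwarding on, since ‘ForwardAgent’ in a config file has the same effect as ‘-A’ on the command line. The function names and the ‘--audit’ switch are hypothetical, the version check reads only the version string, and the paths are the standard OpenSSH client configuration locations.

```shell
#!/bin/sh
# Added example (not vendor code): audit a host for SSH agent forwarding.

# Exit 0 if the version string names an OpenSSH release before 9.3p2,
# 1 if it is 9.3p2 or later, 2 if no OpenSSH version could be parsed.
openssh_before_9_3p2() {
    printf '%s\n' "$1" | awk '
        match($0, /OpenSSH_[0-9]+\.[0-9]+(p[0-9]+)?/) {
            # Skip the 8-character "OpenSSH_" prefix, split "8.0p1" into 8, 0, 1.
            split(substr($0, RSTART + 8, RLENGTH - 8), v, /[.p]/)
            maj = v[1] + 0; min = v[2] + 0; pl = v[3] + 0
            found = 1
            old = (maj < 9) || (maj == 9 && (min < 3 || (min == 3 && pl < 2)))
        }
        END { exit (found ? (old ? 0 : 1) : 2) }'
}

# Print "file:line: directive" for each ssh_config line enabling forwarding.
# Keywords are case-insensitive and may be separated from the value by "=".
# Any value other than "no" (yes, a socket path, a $VARIABLE) forwards an agent.
forwarding_enabled_lines() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '
            /^[ \t]*#/ { next }                      # whole-line comment
            {
                line = $0
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                n = split(line, w, /[ \t=]+/)
                gsub(/"/, "", w[2])
                if (n >= 2 && tolower(w[1]) == "forwardagent" && tolower(w[2]) != "no")
                    printf "%s:%d: %s\n", f, NR, line
            }' "$f"
    done
}

audit() {
    ver=$(ssh -V 2>&1) || ver=""                     # ssh -V prints to stderr
    if openssh_before_9_3p2 "$ver"; then
        echo "OpenSSH on this host predates 9.3p2: $ver"
    fi
    forwarding_enabled_lines "$HOME/.ssh/config" /etc/ssh/ssh_config \
        /etc/ssh/ssh_config.d/*.conf
}

# Run the audit only when asked, e.g.: sh audit_forwarding.sh --audit
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Shell aliases and scripts that call ‘ssh -A’ directly are not covered by the configuration scan and need a separate search.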

We understand that this may raise questions or concerns, and we are here to assist. If you have any inquiries or require further information, please do not hesitate to open a ticket at tickets.dynamic.com. Our support team will promptly address your concerns and provide guidance.

Your trust and security are of paramount importance to us, and we sincerely appreciate your prompt attention to this matter. By working together, we can ensure the continued protection of your valuable data and systems.

Thank you for your cooperation and ongoing partnership with us.

Best regards,
Engineering Team
Dynamic Concepts Inc.