Is OpenSSH Susceptible to Heartbleed?

Given the serious Heartbleed bug discovered in OpenSSL, you may wonder if your OpenSSH installation is safe. Fortunately, despite the similar name and the fact that OpenSSH uses some portions of OpenSSL, OpenSSH is not directly affected by Heartbleed, as it does not use any functions related to the TLS protocol.

On the other hand, many servers run both OpenSSH and OpenSSL, and if the server was compromised by running an unsafe version of OpenSSL, this could have given hackers information allowing them to compromise other aspects of the server. In SSH, the private keys are stored by the clients (not the server), but it’s also possible that client computers could be hacked via the Heartbleed vulnerability.

To be safe rather than sorry, it’s probably best to make sure any affected OpenSSL installation is updated, even if it’s not used to serve SSL, and to update passwords and rotate keys used for SSH.
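To see which services on a host actually load OpenSSL's TLS library, as opposed to only its general-purpose crypto library, you can classify their shared-library linkage. The script below is an added example, not part of the original article; the function names and sample `ldd` lines are constructed, and it assumes a Linux host where OpenSSL is split into `libssl` (TLS protocol code) and `libcrypto`.

```shell
#!/bin/sh
# Added example: classify how a binary depends on OpenSSL from ldd-style output.
# Assumption: libssl carries the TLS protocol code, libcrypto the general crypto code.

# Reads ldd-style lines on stdin; prints "tls", "crypto-only" or "none".
# Statically linked copies of OpenSSL are not visible to ldd and report "none".
classify_linkage() {
    awk '
        { name = $1; sub(/^.*\//, "", name) }   # library name without directory
        name ~ /^libssl\.so/    { ssl = 1 }
        name ~ /^libcrypto\.so/ { crypto = 1 }
        END {
            if (ssl)         print "tls"
            else if (crypto) print "crypto-only"
            else             print "none"
        }'
}

# Prints "<path><TAB><classification>" for each binary given.
# Run ldd only on trusted system binaries: it may execute code from the file.
scan_binaries() {
    for bin in "$@"; do
        if [ ! -x "$bin" ]; then
            printf '%s\tmissing\n' "$bin"
            continue
        fi
        printf '%s\t%s\n' "$bin" "$(ldd "$bin" 2>/dev/null | classify_linkage)"
    done
}

# Constructed sample ldd output for an SSH daemon (libcrypto only).
SAMPLE_SSHD='	linux-vdso.so.1 (0x00007ffd0a5f2000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f3c1a200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3c19e00000)'

# Constructed sample ldd output for a TLS-serving web server (libssl and libcrypto).
SAMPLE_HTTPD='	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f9e4c400000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f9e4c000000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f9e4c800000)'

# Usage: sh this-script.sh /path/to/binary [...]
if [ "$#" -gt 0 ]; then
    scan_binaries "$@"
fi
```

Linkage only shows which binaries load `libssl`; it does not tell you whether the installed library is a fixed build, so the update and key-rotation advice above still applies.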

