public PoC to steal SSH host private keys on vulnerable Linux kernels
BackboneDirect
Member, Host Rep
Heads-up: public PoC to steal SSH host private keys on vulnerable Linux kernels
A public PoC called ssh-keysign-pwn has been released.
It demonstrates how an unprivileged local user can steal root-owned SSH host private keys from:
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_rsa_key
The exploit abuses the Linux kernel __ptrace_may_access() mm-NULL bypass together with pidfd_getfd. According to the repo, it affects pre-31e62c2ebbfd kernels.
The SSH angle is via ssh-keysign: it opens the host private keys as root before dropping privileges. If the vulnerable kernel race is hit while the file descriptors are still open, the unprivileged user can duplicate those fds and read the keys.
The repo says this can work in roughly 100–2000 spawns, and lists confirmed affected systems including Raspberry Pi OS Bookworm 6.12.75, Debian 13, Ubuntu 22.04 / 24.04 / 26.04, Arch, and CentOS 9.
Why this matters:
- SSH host private keys identify your server.
- If stolen, attackers may be able to impersonate the host in some scenarios.
- This is especially relevant for VPS providers, shared systems, shell providers, and any multi-user Linux host.
What to do:
- Patch the kernel once your distro ships the fix.
- Reboot into the patched kernel.
- Providers should check host node kernels, not just guest kernels.
- Consider rotating SSH host keys if untrusted local users had access before patching.
- Watch distro security advisories for backports of commit 31e62c2ebbfd.
PoC:
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
Upstream fix:
https://github.com/torvalds/linux/commit/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
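
For the "reboot into the patched kernel" and "consider rotating SSH host keys" steps in the post above, the following is an added example, not part of the original post or the linked repositories. It flags host private keys that already existed before the current boot and regenerates them; it assumes the running kernel is the patched one (the script cannot verify that), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find SSH host keys that predate the current boot and rotate them.
# Assumption: the host has already been rebooted into a kernel carrying the fix.

# Epoch seconds at which the running kernel booted (Linux /proc/stat).
boot_epoch() {
    awk '/^btime/ { print $2 }' /proc/stat
}

# keys_needing_rotation DIR [BOOT_EPOCH]
# Prints every private host key in DIR whose mtime is older than BOOT_EPOCH,
# i.e. a key that was already on disk while the previous kernel was running.
keys_needing_rotation() {
    dir=$1
    since=${2:-$(boot_epoch)}
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue              # glob matched nothing
        mtime=$(stat -c %Y "$key") || continue # mtime in epoch seconds
        [ "$mtime" -lt "$since" ] && printf '%s\n' "$key"
    done
    return 0
}

# rotate_host_keys: run as root, only after booting the patched kernel.
# Deletes the stale key pairs in /etc/ssh, regenerates them and prints the
# new fingerprints so clients can update known_hosts out of band.
rotate_host_keys() {
    stale=$(keys_needing_rotation /etc/ssh)
    if [ -z "$stale" ]; then
        echo "no host keys older than the current boot"
        return 0
    fi
    for key in $stale; do
        rm -f -- "$key" "$key.pub"
    done
    ssh-keygen -A                              # recreates missing default host keys
    for pub in /etc/ssh/ssh_host_*_key.pub; do
        ssh-keygen -lf "$pub"
    done
    echo "restart the SSH daemon to load the new keys"
}
```

Run `keys_needing_rotation /etc/ssh` on its own first to review what would be replaced; clients will see a host key change warning after rotation, so publish the new fingerprints through a trusted channel.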

Comments
We already protected the full fleet, and are doing a final sweep and scan to ensure no one ran this before the announcement.
Month of cyber security obviously.