Reconstruction of RSA Keys via SSH Connections to Faulty Servers

A group of researchers from the University of California at San Diego demonstrated the possibility of recreating private SSH host keys through passive analysis of SSH traffic. The attack can be carried out against servers on which, through a combination of circumstances or the attacker's actions, failures occur while the digital signature is computed during SSH connection establishment. The failures can be software (incorrectly performed mathematical operations, memory corruption) or hardware (errors in NVRAM and DRAM operation, or power supply problems).

One way to induce such failures is Rowhammer-class attacks, which, among other things, make it possible to corrupt individual memory bits, remotely or while a browser processes JavaScript code, by intensively and cyclically reading data from neighboring memory cells. Another way to cause failures is to exploit vulnerabilities that lead to buffer overflows and corrupt the memory holding the keys.

The published study shows that when RSA-based digital signatures are used in SSH, a lattice-based fault attack that reconstructs the RSA private key from the parameters of the digital signature becomes applicable if a software or hardware failure occurs during signing. The essence of the method is that, by comparing a correct and a faulty RSA signature, one can compute a greatest common divisor that yields one of the prime numbers used to generate the key.
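The comparison of a correct and a faulty signature described above, together with the self-check a signer can run before releasing a signature, as an added example that is not code from the study or from any SSH implementation. Assumptions: textbook RSA-CRT without padding, two small Mersenne primes as a constructed key, a fault simulated as a single flipped bit, and hypothetical function names; the lattice step of the study is not shown.

```python
from math import gcd

# Constructed toy key (assumption): two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)
Q_INV = pow(Q, -1, P)


def sign_crt(m, fault=False):
    """Textbook RSA-CRT signature; fault=True corrupts the mod-P half."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sp ^= 1  # simulated single-bit memory or computation error
    h = (Q_INV * (sp - sq)) % P
    return (sq + h * Q) % N


def factor_from_pair(good, bad):
    """Return a prime factor of N if the signature pair leaks one, else None."""
    # The faulty value still agrees with the correct one mod Q but not mod P,
    # so their difference is a multiple of Q only.
    g = gcd(abs(good - bad), N)
    return g if 1 < g < N else None


def sign_checked(m, fault=False):
    """Countermeasure: verify with the public key before releasing the signature."""
    s = sign_crt(m, fault)
    if pow(s, E, N) != m % N:
        raise ValueError("signature self-check failed; not released")
    return s


if __name__ == "__main__":
    digest = 0x1234567890ABCDEF  # constructed stand-in for a padded hash
    leaked = factor_from_pair(sign_crt(digest), sign_crt(digest, fault=True))
    print("leaked factor equals Q:", leaked == Q)
```

A signer that recomputes and verifies the signature before sending it never exposes the faulty value, which is what `sign_checked` demonstrates.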
