Cryptographic keys protecting SSH connections stolen in new attack – ArsTechnica
arstechnica.comPrevious discussion:
Passive SSH Key Compromise via Lattices [pdf] (iacr.org)
In certain closed-source implementations.
>"The researchers traced the keys they compromised to devices that used custom, closed-source SSH implementations that didn’t implement the countermeasures found in OpenSSH and other widely used open source code libraries. The devices came from four manufacturers: Cisco, Zyxel, Hillstone Networks, and Mocana. Both Cisco and Zyxel responded to the researchers’ notification of the test results before the completion of the study. Hillstone responded afterward."
And of course Cisco was one of them.
Excerpt from the linked article: «It affects only keys using the RSA cryptographic algorithm, […].»