How key shielding works

2019-12-19

On June 21, 2019, support for SSH key shielding was introduced into the OpenBSD tree, from which the OpenSSH releases are derived. SSH key shielding is a measure intended to protect private keys in RAM against attacks that abuse bugs in speculative execution that current CPUs exhibit.[0] This functionality has been part of OpenSSH since the 8.1 release. SSH private keys are now being held in memory in a shielded form; keys are only unshielded when they are used and re-shielded as soon as they are no longer in active use. When a key is shielded, it is encrypted in memory with AES-256-CTR; this is how it works: [...]
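The following Go program is an added model of the scheme, not OpenSSH's own code: OpenSSH derives the AES-256-CTR key and IV by hashing a 16 KiB random "prekey" with SHA-512, so an attacker leaking memory through a lossy side channel must recover every bit of that prekey exactly before the ciphertext is of any use. The sample plaintext and the function names are constructed for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
)

// Modelled on OpenSSH's sshkey.c: the prekey is 16 KiB of random bytes.
const prekeyLen = 16 * 1024

// ShieldedKey is what stays in RAM while the private key is not in use.
type ShieldedKey struct {
	Prekey     []byte // every byte is needed to derive the cipher key
	Ciphertext []byte // serialised private key under AES-256-CTR
}

// deriveKeyIV hashes the prekey; flipping one bit of it yields an unrelated
// key and IV, which is what defeats imprecise memory-disclosure attacks.
func deriveKeyIV(prekey []byte) (key, iv []byte) {
	sum := sha512.Sum512(prekey) // 64 bytes: 32 for the key, 16 for the IV
	return sum[:32], sum[32:48]
}

// ctrXOR applies the AES-256-CTR keystream; CTR is symmetric, so the same
// routine both shields and unshields.
func ctrXOR(key, iv, in []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out, nil
}

// Shield encrypts a serialised private key with a fresh random prekey.
func Shield(plain []byte) (*ShieldedKey, error) {
	prekey := make([]byte, prekeyLen)
	if _, err := rand.Read(prekey); err != nil {
		return nil, err
	}
	key, iv := deriveKeyIV(prekey)
	ct, err := ctrXOR(key, iv, plain)
	if err != nil {
		return nil, err
	}
	return &ShieldedKey{Prekey: prekey, Ciphertext: ct}, nil
}

// Unshield recovers the plaintext key for the duration of one operation;
// the caller is expected to wipe the result as soon as it is done.
func Unshield(s *ShieldedKey) ([]byte, error) {
	if len(s.Prekey) != prekeyLen {
		return nil, errors.New("shielded key has wrong prekey length")
	}
	key, iv := deriveKeyIV(s.Prekey)
	return ctrXOR(key, iv, s.Ciphertext)
}

func main() {
	secret := []byte("constructed sample: not a real private key")
	s, _ := Shield(secret)
	back, _ := Unshield(s)
	fmt.Printf("round trip ok: %v\n", string(back) == string(secret))
}
```

The real implementation additionally serialises the key structure before shielding and zeroes the plaintext buffers after each use.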

