On Thu, Jan 14, 2016 at 11:34:18AM -0500, m.roth@5-cent.us wrote:
Michael H wrote:
Probably worth a read...
http://www.openssh.com/txt/release-7.1p2
Important SSH patch coming soon. For now, everyone on all operating systems, please do the following:
Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no" to prevent upcoming #openssh client bug CVE-2016-0777. More later.
echo "UseRoaming no" >> /etc/ssh/ssh_config
Please clarify - will the update add *Roam* to /etc/ssh/ssh_config? I've just checked on two systems that are CentOS 7, a server, and a workstation that I literally built yesterday, and grep -i on both reports "no, not here".
That came from Theo (OpenBSD's Theo) and was called undocumented. So, my guess is that, in the client (not the server) there is a default of UseRoaming that doesn't show in the config file.
Note that this is something that affects ssh clients, not servers.