On Thu, January 14, 2016 11:46 am, m.roth at 5-cent.us wrote:
> Timo Schöler wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> On 01/14/2016 05:34 PM, m.roth at 5-cent.us wrote:
>>> Michael H wrote:
>>>> Probably worth a read...
>>>>
>>>> http://www.openssh.com/txt/release-7.1p2
>>>>
>>>>> Important SSH patch coming soon. For now, everyone on all
>>>>> operating systems, please do the following:
>>>>>
>>>>> Add undocumented "UseRoaming no" to ssh_config or use
>>>>> "-oUseRoaming=no" to prevent upcoming #openssh client bug
>>>>> CVE-2016-0777. More later.
>>>>
>>>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>>>
>>> Please clarify - will the update add *Roam* to
>>> /etc/ssh/ssh_config?
>>
>> It will fix the bug.
>>
>>> I've just checked on two systems that are CentOS 7, a server, and
>>> a workstation that I literally built yesterday, and grep -i on
>>> both reports "no, not here".
>>
>> Yes, as it's undocumented, but enabled since about 2010. Even OpenBSD
>> 5.9 (pre-release, it's going to be released on May 1st, 2016) does not
>> mention it.
>
> Undocumented? You're saying that there's a feature that is configurable
> via the configuration file, and there's no mention of it at all in the
> configuration file, not even the default?
>
> That is more than slightly unacceptable.
>

More than agree! I was highly respecting OpenBSD project, especially for
their openssh. After scandal with OpenBSD IPSEC stack backdoor
accusations, my respect faded grossly, and I felt extremely happy my
choice of system for servers fell on FreeBSD, not OpenBSD (for some
independent reason)...

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
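An added example, not part of the original message or of OpenSSH: a check of whether the `UseRoaming no` line quoted above actually applies to every host. In ssh_config, options after a `Host` or `Match` line apply only to that block and the first value obtained wins, so a line appended with `>>` can end up scoped to the file's last block. The function name `roaming_default`, the host `build01` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the UseRoaming value an ssh_config
# file applies to all hosts: "no", "yes" or "unset". Host-specific and Match
# blocks are deliberately not counted (simplification).
roaming_default() {
    awk '
        BEGIN { all = 1; val = "unset" }   # lines before any Host/Match are global
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t\r]+$/, "", line)
            if (line == "" || line ~ /^#/) next
            sub(/[ \t]*=[ \t]*/, " ", line)          # "Key=value" -> "Key value"
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])                      # keywords are case-insensitive
            if (key == "host")  { all = (n == 2 && f[2] == "*"); next }
            if (key == "match") { all = 0; next }
            # ssh uses the first value it obtains, so keep only the first one
            if (key == "useroaming" && all && val == "unset") val = tolower(f[2])
        }
        END { print val }
    ' "$1"
}

# Constructed sample: a config whose last block is host-specific, then the
# append from the thread. The new line lands inside "Host build01".
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'Host build01' '    User deploy' > "$tmp"
    echo "UseRoaming no" >> "$tmp"
    echo "after append: $(roaming_default "$tmp")"      # unset
    # Putting the option above the first Host line makes it global.
    printf '%s\n' 'UseRoaming no' 'Host build01' '    User deploy' > "$tmp"
    echo "global line:  $(roaming_default "$tmp")"      # no
    rm -f "$tmp"
}
demo
```

Run it as `roaming_default /etc/ssh/ssh_config` (and against `~/.ssh/config`, which ssh reads first) to see whether the setting is in effect for all hosts.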