[CentOS] Fwd: Heads up: OpenSSH users

Thu Jan 14 17:53:10 UTC 2016
Scott Robbins <scottro11 at gmail.com>

On Thu, Jan 14, 2016 at 11:34:18AM -0500, m.roth at 5-cent.us wrote:
> Michael H wrote:
> > Probably worth a read...
> >
> > http://www.openssh.com/txt/release-7.1p2
> >
> >> Important SSH patch coming soon.  For now, everyone on all operating
> >> systems, please do the following:
> >>
> >> Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
> >> to prevent upcoming #openssh client bug CVE-2016-0777. More later.
> >
> > echo "UseRoaming no" >> /etc/ssh/ssh_config
> Please clarify - will the update add *Roam* to /etc/ssh/ssh_config? I've
> just checked on two systems that are CentOS 7, a server, and a workstation
> that I literally built yesterday, and grep -i on both reports "no, not
> here".
That came from Theo (OpenBSD's Theo) and was called undocumented.  So, my
guess is that, in the client (not the server) there is a default of
UseRoaming that doesn't show in the config file.

Note that this is something that affects ssh clients, not servers.

Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
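
The `echo "UseRoaming no" >> /etc/ssh/ssh_config` workaround quoted above appends to the end of the file, so it covers every host only if the line lands outside a `Host`/`Match` block or inside `Host *`. The following shell functions are an added example, not part of the original thread; they check that scope and fix it idempotently. The names `roaming_scope` and `ensure_roaming_off` are hypothetical, and the logic assumes standard ssh_config semantics (the first obtained value wins; options after a `Host` line apply only to that block).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# roaming_scope FILE
# Prints where "UseRoaming no" takes effect in an ssh_config-style file:
#   global | enabled | scoped:<pattern> | absent
# Limitation: a "UseRoaming yes" inside a specific Host block is not reported.
roaming_scope() {
    awk '
    {
        line = $0
        gsub(/^[ \t]+|[ \t]+$/, "", line)        # trim whitespace
        if (line == "" || line ~ /^#/) next       # skip blanks and comments
        split(line, f, /[ \t=]+/)                 # "Key value" or "Key=value"
        key = tolower(f[1]); val = tolower(f[2])
        gsub(/"/, "", val)
        if (key == "host" || key == "match") {    # a new block starts here
            scope = line
            sub(/^[^ \t=]+[ \t=]+/, "", scope)
            if (key == "match") scope = "match " scope
            next
        }
        if (key == "useroaming") {
            if (scope == "" || scope == "*") {    # first global value wins
                print (val == "no" ? "global" : "enabled"); done = 1; exit
            }
            if (val == "no" && first == "") first = scope
        }
    }
    END { if (!done) print (first != "" ? ("scoped:" first) : "absent") }
    ' "$1"
}

# ensure_roaming_off FILE
# Prepends "UseRoaming no" so it is the first value ssh reads for any host.
# Rewrites in place via cat so the file keeps its owner and mode.
ensure_roaming_off() {
    [ "$(roaming_scope "$1")" = "global" ] && return 0
    tmp=$(mktemp) || return 1
    { echo "UseRoaming no"; cat "$1"; } > "$tmp" && cat "$tmp" > "$1"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run it against both `/etc/ssh/ssh_config` and each user's `~/.ssh/config`, since either file can carry the client setting.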