[CentOS] Fwd: Heads up: OpenSSH users

Fri Jan 15 14:48:57 UTC 2016
Alice Wonder <alice at domblogger.net>

On 01/15/2016 06:39 AM, Johnny Hughes wrote:
> On 01/14/2016 10:20 AM, Michael H wrote:
>> Probably worth a read...
>>
>> http://www.openssh.com/txt/release-7.1p2
>>
>>> Important SSH patch coming soon.  For now, everyone on all operating
>>> systems, please do the following:
>>>
>>> Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
>>> to prevent upcoming #openssh client bug CVE-2016-0777. More later.
>>
>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>
> For the record, this update is now released (it was yesterday):
>
> https://lists.centos.org/pipermail/centos-announce/2016-January/021614.html
>
> This contains a patch that disables roaming:
> https://git.centos.org/commitdiff/rpms!openssh.git/1edce7e6bfedb27a163f35bcacab620a703408ac


Yes, thank you, I saw it yesterday in my e-mail from yum.

I am not happy that this bug existed; undocumented features enabled by 
default are not a good thing.

However, that this bug was found demonstrates a success of the Open 
Source philosophy. I don't know that this would have been found in a closed 
source SSH implementation.

Open Source works.
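
Added example, not part of the original thread: a check for where the `UseRoaming no` workaround quoted above actually takes effect in one ssh_config file. Per ssh_config(5), the first obtained value is used and a `Host` or `Match` line scopes everything up to the next one, so a line appended with `>>` after a host-specific section covers only that section. The helper name `useroaming_scope` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. useroaming_scope is a hypothetical helper name.
# Reports which hosts a single ssh_config file gives a UseRoaming value to.
# It does not follow Include directives or merge ~/.ssh/config with the system file.
useroaming_scope() {
    awk '
    BEGIN { scope = "all" }                      # options before any Host/Match apply to all hosts
    { sub(/\r$/, "") }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    {
        sub(/[ \t]*=[ \t]*/, " ")                # accept "Key=value" and "Key = value"
        key = tolower($1); val = tolower($2); gsub(/"/, "", val)
    }
    key == "host"  { scope = (NF == 2 && val == "*")   ? "all" : "some"; next }
    key == "match" { scope = (NF == 2 && val == "all") ? "all" : "some"; next }
    key != "useroaming" { next }
    scope == "all" { if (first == "") first = val; next }   # first obtained value wins
    first == ""    { if (val == "no") some_no = 1; else some_yes = 1 }
    END {
        if (first == "no")    print (some_yes ? "enabled-for-some-hosts" : "disabled-for-all-hosts")
        else if (first != "") print "enabled-for-all-hosts"
        else if (some_yes)    print "enabled-for-some-hosts"
        else if (some_no)     print "disabled-for-some-hosts-only"
        else                  print "not-set"
    }
    ' "$1"
}

# Constructed sample: the workaround appended to a file whose last section is host-specific.
sample=$(mktemp)
printf 'Host build01\n    User deploy\nUseRoaming no\n' > "$sample"
useroaming_scope "$sample"
rm -f "$sample"
```

A result of `disabled-for-some-hosts-only` or `not-set` means connections to other hosts still use the client's built-in default for the option.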