security: update ssh configs

[der.hans]

moin moin,

disable UseRoaming in your config.

echo "UseRoaming no" | sudo tee -a /etc/ssh/ssh_config

*or*

echo "UseRoaming no" >>~/.ssh/config

or both.

If you only connect to save ssh servers you should be fine, but this bug
could be exploited to disclose private keys.

Not sure why a test feature was enabled by default, especially one that
can leak private keys.

UseRoaming looks to me like something that should explicitly be disabled
by default in the config files just to be sure.

The patch is removing the parts that start up roaming in the client.

http://undeadly.org/cgi?action=article&sid=20160114142733&mode=expanded

ciao,

der.hans
-- 
#  http://www.LuftHans.com/        http://www.PhxLinux.org/
#  "I never let schooling get in the way of my education." -- Mark Twain