security: update ssh configs

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: der.hans
Date:  
To: quatsch
Subject: security: update ssh configs
moin moin,

disable UseRoaming in your config.

echo "UseRoaming no" | sudo tee -a /etc/ssh/ssh_config

*or*

echo "UseRoaming no" >>~/.ssh/config

or both.

If you only connect to save ssh servers you should be fine, but this bug
could be exploited to disclose private keys.

Not sure why a test feature was enabled by default, especially one that
can leak private keys.

UseRoaming looks to me like something that should explicitly be disabled
by default in the config files just to be sure.

The patch is removing the parts that start up roaming in the client.

http://undeadly.org/cgi?action=article&sid=20160114142733&mode=expanded

ciao,

der.hans
-- 
#  http://www.LuftHans.com/        http://www.PhxLinux.org/
#  "I never let schooling get in the way of my education." -- Mark Twain
---------------------------------------------------
PLUG-discuss mailing list - 
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss