security: update ssh configs

der.hans PLUGd at LuftHans.com
Thu Jan 14 09:23:47 MST 2016


moin moin,

disable UseRoaming in your config.

echo "UseRoaming no" | sudo tee -a /etc/ssh/ssh_config

*or*

echo "UseRoaming no" >>~/.ssh/config

or both.

If you only connect to save ssh servers you should be fine, but this bug
could be exploited to disclose private keys.

Not sure why a test feature was enabled by default, especially one that
can leak private keys.

UseRoaming looks to me like something that should explicitly be disabled
by default in the config files just to be sure.

The patch is removing the parts that start up roaming in the client.

http://undeadly.org/cgi?action=article&sid=20160114142733&mode=expanded

ciao,

der.hans
-- 
#  http://www.LuftHans.com/        http://www.PhxLinux.org/
#  "I never let schooling get in the way of my education." -- Mark Twain


More information about the PLUG-discuss mailing list