-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 01/14/2016 05:34 PM, m.roth@xxxxxxxxx wrote:
> Michael H wrote:
>> Probably worth a read...
>>
>> http://www.openssh.com/txt/release-7.1p2
>>
>>> Important SSH patch coming soon. For now, everyone on all
>>> operating systems, please do the following:
>>>
>>> Add undocumented "UseRoaming no" to ssh_config or use
>>> "-oUseRoaming=no" to prevent upcoming #openssh client bug
>>> CVE-2016-0777. More later.
>>
>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>
> Please clarify - will the update add *Roam* to
> /etc/ssh/ssh_config?
It will fix the bug.
> I've just checked on two systems that are CentOS 7, a server, and
> a workstation that I literally built yesterday, and grep -i on
> both reports "no, not here".
Yes, as it's undocumented, but enabled since about 2010. Even OpenBSD
5.9 (pre-release, it's going to be released on May 1st, 2016) does not
mention it.
Timo
> mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iF4EAREIAAYFAlaX1gIACgkQuSPmkPhAW0pYsQD/YtMb9XpnIY+GZWJUfjUB/ktS
6KcEMUIB3wjXgBI609MA/03tx8mOMUIzrixR6Sjb3FaLvoN45WD61OKfAtLSdNw6
=1Vbf
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
