
Vulnerability in OpenSSH: add undocumented “UseRoaming no” to ssh_config NOW - Aissen
https://twitter.com/msfriedl/status/687635945642967040
======
Aissen
This is from an OpenSSH developer, and looks quite serious.

It seems to be a client only vulnerability, but we never know. Roaming feature
has been in OpennSSH code for a while, but is undocumented:
[http://superuser.com/a/826734/47771](http://superuser.com/a/826734/47771)

 _Edit_ : Official communication: [http://lists.mindrot.org/pipermail/openssh-
unix-dev/2016-Jan...](http://lists.mindrot.org/pipermail/openssh-unix-
dev/2016-January/034679.html)

 _Edit 2_ : Affects 5.4 - 7.1
[http://undeadly.org/cgi?action=article&sid=20160114142733](http://undeadly.org/cgi?action=article&sid=20160114142733)

