
Workaround (yes, it's client-side):

  # echo -e "Host *\n\tUseRoaming no\n" >> /etc/ssh/ssh_config
Disclaimer: won't work on all operating systems, shells, etc. YMMV. Consult a doctor before following any advice you get from the Internet. Void where prohibited. Restrictions may apply.

Edited per comments below




Don't ever fix your `ssh_config` by appending stuff to the end of the file. The configuration syntax allows for block constructs without an explicit end marker (like `Match` and `Host`). Appending will cause all kinds of sadness.


It's from the linked page.


Indeed. The page gives bad advice. If your config has `Host` blocks, like often in people's personal configs, or if you have a `Match` block, the new directive only applies to the last of those blocks in the config file.


Sufficient to place it at the top of ~/.ssh/config? Or does it also need a block header of its own, like:

    Host *
    UseRoaming no


I confirmed that it does not need to be placed into a Host block, as long as it is above all of your blocks.

For instance:

   UseRoaming no

   Host *
      Blah yes
Test with:

    ssh -v remote.ssh.host.com uptime 2>&1 | grep -i roaming

If it returns nothing, the config fix is active. If it isn't active, you'll see 'debug1: Roaming not allowed by server'
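The scoping rule discussed in this thread (an appended directive lands in whatever `Host`/`Match` block is last, while a directive above all blocks is global) can be checked mechanically. The following is an added example, not code from the thread or from OpenSSH: a minimal parser that reports which block each `UseRoaming` line falls in, run over a constructed personal config, comparing plain append, prepend, and the thread's `Host *` variant.

```python
import re

# Constructed sample: a personal ~/.ssh/config with two Host blocks and no
# global section, as described in the thread.
SAMPLE_CONFIG = """\
Host bastion
    HostName bastion.example.org
    User admin

Host github.com
    IdentityFile ~/.ssh/id_github
"""

def directive_scopes(config_text, name):
    """Return [(scope, value), ...] for every occurrence of directive `name`.

    scope is "global" for lines before any Host/Match header, otherwise the
    header line (e.g. "Host *") that opened the block the directive sits in.
    Keys are matched case-insensitively, as ssh_config does.
    """
    scope = "global"
    found = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Key value" and "Key=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        if key in ("host", "match"):
            scope = line          # a new block begins; no end marker exists
        elif key == name.lower():
            found.append((scope, value))
    return found

def append_directive(config_text, text):
    """Mimic `echo ... >> ssh_config`: the text joins the last open block."""
    return config_text + text + "\n"

def prepend_directive(config_text, text):
    """Place the text before the first header so it applies globally."""
    return text + "\n" + config_text

if __name__ == "__main__":
    for label, cfg in [
        ("appended       ", append_directive(SAMPLE_CONFIG, "UseRoaming no")),
        ("prepended      ", prepend_directive(SAMPLE_CONFIG, "UseRoaming no")),
        ("appended Host *", append_directive(SAMPLE_CONFIG, "Host *\n\tUseRoaming no")),
    ]:
        print(label, directive_scopes(cfg, "UseRoaming"))
```

The plain append reports the directive scoped to `Host github.com` only, which is the failure mode the thread warns about; both the prepend and the `Host *` variant cover every host.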


Which is why they're appending a newline and Host *?


Note that the example was changed as a result of my initial comment.


Presumably you would have to connect to a malicious host to be affected? Or perhaps a MITM on your connection to a legit host can exploit you somehow.


From the updated OP:

> The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers.


Malicious, compromised, or new servers. Because really, how many people check the host key for a newly spun up EC2 instance?


> Presumably you would have to connect to a malicious host to be affected?

Malicious or compromised.

> roaming code in the ssh client could be tricked by a hostile sshd server, potentially leaking key material.


Would this work too?

  $ echo "UseRoaming no" >> ~/.ssh/config


Yes, but it'll only affect that user.


And only the last `Host` entry in that config, if present.


Yes, but it would not apply to other users.


I'm emailing the one-liner to folks and found it helpful to just include the root subshell:

    sudo bash -c 'echo -e "Host *\n\tUseRoaming no\n" >> /etc/ssh/ssh_config'



