ssh roaming

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

ssh roaming

Ted Unangst-6
Qualys Security identified vulnerabilities in the ssh client roaming feature.
In the default configuration, this could potentially leak client keys to a
hostile server.

https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt

There are patches to disable the roaming feature, and it has been removed from
the source tree.