![[LDP]](/moin_static184/ldp/tldp.png)
The OpenSSH project today reported a client side issue affecting OpenSSH versions 5.4 - 7.1. This issue could allow an SSH client to leak key information, potentially exposing users to man-in-the-middle attacks.
What does this mean?
A key exchange is initiated when an SSH client connects to a server. A new "roaming" feature included in the OpenSSH client can be exploited and a malicious server could use this issue to leak client memory to the server, including private client user keys.
Who is affected?
This issue affects the OpenSSH client (not server) on most modern operating systems including Linux, FreeBSD and Mac OSX. This issue may also affect users running OpenSSH for Windows but does not affect users using PuTTY on Windows.
How to fix the issue
While patches and updates are being rolled out for affected distributions, the feature causing this security issue can be disabled manually in order to resolve the issue. On OS X, Linux and BSD variants this can be done by adding a line to your SSH configuration.
On Linux and FreeBSD
Run the following command to add the new line to your configuration:
echo 'UseRoaming no' | sudo tee -a /etc/ssh/ssh_config
On Mac OSX
Run the following command to add the new line to your configuration:
echo "UseRoaming no" >> ~/.ssh/config
Close and Reopen Sessions
Once you have done this you should close any open SSH sessions in order for the change to be effective.
Learn More
OpenSSH: client bug CVE-0216-0778 Ubuntu - USN-2869-1: OpenSSH vulnerabilities
Written by Ryan Quinn
Edited for TLDP by Jason Evans
License: Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
