Displaying 13 results from an estimated 13 matches for "useroaming".
2016 Jan 14
10
Fwd: Heads up: OpenSSH users
Probably worth a read...
http://www.openssh.com/txt/release-7.1p2
> Important SSH patch coming soon. For now, everyone on all operating
> systems, please do the following:
>
> Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
> to prevent upcoming #openssh client bug CVE-2016-0777. More later.
echo "UseRoaming no" >> /etc/ssh/ssh_config
2016 Jan 15
2
Fwd: Heads up: OpenSSH users
I see that this is a CentOS 7 patch only, at least so far. I also see that the CentOS 6 ssh version is 5.3
> /usr/bin/ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
which is supposedly not affected. However, strings indicates that /usr/bin/ssh is also aware for the useroaming configuration option:
> strings /usr/bin/ssh | grep -i useroam
useroaming
Is it actually known that the ssh version shipped with CentOS 6 is not vulnerable, or is it just assumed based on the version number? The announcement implies that the roaming code itself was added in 5.4, not just that...
2016 Jan 14
2
Fwd: Heads up: OpenSSH users
...ichael H wrote:
>> Probably worth a read...
>>
>> http://www.openssh.com/txt/release-7.1p2
>>
>>> Important SSH patch coming soon. For now, everyone on all
>>> operating systems, please do the following:
>>>
>>> Add undocumented "UseRoaming no" to ssh_config or use
>>> "-oUseRoaming=no" to prevent upcoming #openssh client bug
>>> CVE-2016-0777. More later.
>>
>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>
> Please clarify - will the update add *Roam* to
> /et...
2016 Jan 15
1
Fwd: Heads up: OpenSSH users
...M, Michael H wrote:
>> Probably worth a read...
>>
>> http://www.openssh.com/txt/release-7.1p2
>>
>>> Important SSH patch coming soon. For now, everyone on all operating
>>> systems, please do the following:
>>>
>>> Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
>>> to prevent upcoming #openssh client bug CVE-2016-0777. More later.
>>
>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>
> For the record, this update is now released (it was yesterday):
>
>...
2016 Jan 14
2
Fwd: Heads up: OpenSSH users
...t;>>>
>>>> http://www.openssh.com/txt/release-7.1p2
>>>>
>>>>> Important SSH patch coming soon. For now, everyone on all
>>>>> operating systems, please do the following:
>>>>>
>>>>> Add undocumented "UseRoaming no" to ssh_config or use
>>>>> "-oUseRoaming=no" to prevent upcoming #openssh client bug
>>>>> CVE-2016-0777. More later.
>>>>
>>>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>>>
>>> Please clari...
2016 Jan 15
0
Fwd: Heads up: OpenSSH users
...> I see that this is a CentOS 7 patch only, at least so far. I also see that the CentOS 6 ssh version is 5.3
> > /usr/bin/ssh -V
> OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
> which is supposedly not affected. However, strings indicates that /usr/bin/ssh is also aware for the useroaming configuration option:
> > strings /usr/bin/ssh | grep -i useroam
> useroaming
> Is it actually known that the ssh version shipped with CentOS 6 is not vulnerable, or is it just assumed based on the version number? The announcement implies that the roaming code itself was added in 5.4...
2016 Jan 14
0
Fwd: Heads up: OpenSSH users
Michael H wrote:
> Probably worth a read...
>
> http://www.openssh.com/txt/release-7.1p2
>
>> Important SSH patch coming soon. For now, everyone on all operating
>> systems, please do the following:
>>
>> Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
>> to prevent upcoming #openssh client bug CVE-2016-0777. More later.
>
> echo "UseRoaming no" >> /etc/ssh/ssh_config
Please clarify - will the update add *Roam* to /etc/ssh/ssh_config? I've
just checked on t...
2016 Jan 14
0
Fwd: Heads up: OpenSSH users
...bably worth a read...
>>>
>>> http://www.openssh.com/txt/release-7.1p2
>>>
>>>> Important SSH patch coming soon. For now, everyone on all
>>>> operating systems, please do the following:
>>>>
>>>> Add undocumented "UseRoaming no" to ssh_config or use
>>>> "-oUseRoaming=no" to prevent upcoming #openssh client bug
>>>> CVE-2016-0777. More later.
>>>
>>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>
>> Please clarify - will the update add...
2016 Jan 14
0
Fwd: Heads up: OpenSSH users
...Probably worth a read...
>>>
>>> http://www.openssh.com/txt/release-7.1p2
>>>
>>>> Important SSH patch coming soon. For now, everyone on all
>>>> operating systems, please do the following:
>>>>
>>>> Add undocumented "UseRoaming no" to ssh_config or use
>>>> "-oUseRoaming=no" to prevent upcoming #openssh client bug
>>>> CVE-2016-0777. More later.
>>>
>>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>>
>> Please clarify - will the update add...
2016 Jan 14
0
Fwd: Heads up: OpenSSH users (CentOS 7+)
...ichael H <michael at wemoto.com> wrote:
> Probably worth a read...
>
> http://www.openssh.com/txt/release-7.1p2
>
> > Important SSH patch coming soon. For now, everyone on all operating
> > systems, please do the following:
> >
> > Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
> > to prevent upcoming #openssh client bug CVE-2016-0777. More later.
>
> echo "UseRoaming no" >> /etc/ssh/ssh_config
It says this applies to OpenSSH 5.4 to 7.1.
So it would only affect CentOS7 and up, as C6 u...
2016 Jan 15
0
Fwd: Heads up: OpenSSH users
On 01/14/2016 10:20 AM, Michael H wrote:
> Probably worth a read...
>
> http://www.openssh.com/txt/release-7.1p2
>
>> Important SSH patch coming soon. For now, everyone on all operating
>> systems, please do the following:
>>
>> Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
>> to prevent upcoming #openssh client bug CVE-2016-0777. More later.
>
> echo "UseRoaming no" >> /etc/ssh/ssh_config
For the record, this update is now released (it was yesterday):
https://lists.centos.org/pip...
2016 Jan 14
0
Announce: Portable OpenSSH 7.1p2 released
...e authentication of the server host key prevents exploitation
by a man-in-the-middle, so this information leak is restricted
to connections to malicious or compromised servers.
MITIGATION: For OpenSSH >= 5.4 the vulnerable code in the client
can be completely disabled by adding 'UseRoaming no' to the gobal
ssh_config(5) file, or to user configuration in ~/.ssh/config,
or by passing -oUseRoaming=no on the command line.
PATCH: See below for a patch to disable this feature (Disabling
Roaming in the Source Code).
This problem was reported by the Qualys Security Advis...
2016 May 26
19
[Bug 2573] New: dead sessions cannot be closed with ~.
https://bugzilla.mindrot.org/show_bug.cgi?id=2573
Bug ID: 2573
Summary: dead sessions cannot be closed with ~.
Product: Portable OpenSSH
Version: 3.7.1p2
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org