http://linux.die.net/man/5/ssh_config contains no mention of it, and DDG hits a reddit thread of 2014 asking the same thing (and giving an indication that it was also subject to another vuln) and they stated that it was added undocumented but "it does nothing yet"...
I found a commit message saying "Request roaming to be enabled if UseRoaming is true and the server supports it." So in addition, what is "request roaming"?
*Edit : it does seems like a good idea to disable the feature on your local `ssh_config` in case you or a software you use connect to an unpatched evil server.
> *Edit : it does seems like a good idea to disable the feature on your local `ssh_config` in case you or a software you use connect to an unpatched evil server.
The vulnerability is in the OpenSSH client, not the server. ssh_config is the client configuration. Unpatched servers are not relevant and putting this option in your server configuration (sshd_config) will simply make it not start, because the configuration is invalid.
[+] [-] dang|10 years ago|reply
[+] [-] chippy|10 years ago|reply
http://linux.die.net/man/5/ssh_config contains no mention of it, and DDG hits a reddit thread of 2014 asking the same thing (and giving an indication that it was also subject to another vuln) and they stated that it was added undocumented but "it does nothing yet"...
I found a commit message saying "Request roaming to be enabled if UseRoaming is true and the server supports it." So in addition, what is "request roaming"?
[+] [-] gravypod|10 years ago|reply
This is for people who are on cell connections/spotty internet.
[+] [-] lultimouomo|10 years ago|reply
[+] [-] dbalan|10 years ago|reply
[+] [-] dbalan|10 years ago|reply
[+] [-] j15e|10 years ago|reply
https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu...
*Edit : it does seems like a good idea to disable the feature on your local `ssh_config` in case you or a software you use connect to an unpatched evil server.
[+] [-] throwaway7767|10 years ago|reply
The vulnerability is in the OpenSSH client, not the server. ssh_config is the client configuration. Unpatched servers are not relevant and putting this option in your server configuration (sshd_config) will simply make it not start, because the configuration is invalid.
[+] [-] state_machine|10 years ago|reply
"experimental support for resuming SSH-connections (roaming) ... could be tricked by a malicious server into leaking ... private client user keys."
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] ericfrederich|10 years ago|reply
[+] [-] feld|10 years ago|reply
Come on Theo, this isn't Linux
[+] [-] colindean|10 years ago|reply
[+] [-] unfunco|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]