OpenSSH client Vulnerability CVE-2016-0777

openssh

OpenSSH client have a critical vlunerability, this allow compromised servers steal your private key.

This is because an expeirmental feature in SSH Client, UseRoaming is enabled by default.

You can find more about this bug at

http://www.openssh.com/txt/release-7.1p2

With latest version, this feature is disabled.

If you using SSH Client on your server or home computer, you should edit /etc/ssh/ssh_config and add

UseRoaming no

Posted in Security