OpenSSH bug: the roaming connection feature

OpenSSH BUG: Client information leak due to use of the roaming connection feature (CVE-2016-0777)

The OpenSSH client supports an undocumented feature called roaming:

If the connection to the SSH server breaks unexpectedly, and the server supports roaming,
the client can reconnect to the server and resume the suspended SSH session. The matching server code was never shipped with OpenSSH, but the client side has been enabled by default since OpenSSH 5.4.

The roaming code in the OpenSSH client contains a flaw that allows a malicious or compromised SSH server to read part of the client's memory when the client tries to resume a connection to it. That memory can include the private keys the client has loaded. The attack requires the client to connect to such a server; sshd itself is not vulnerable.

To disable roaming, apply the following steps on every machine that runs the OpenSSH client. The flaw is client-side: patching a server does nothing to protect the clients that connect to it.

To fix

Add the option 'UseRoaming no' to the client configuration file /etc/ssh/ssh_config. No service restart is needed, because ssh reads this file each time it is run. For a single connection you can instead pass -oUseRoaming=no on the ssh command line.

ie, echo 'UseRoaming no' >> /etc/ssh/ssh_config

or, from a non-root account:

sudo sh -c 'echo "UseRoaming no" >> /etc/ssh/ssh_config'

Two caveats. Appending puts the line after any Host or Match stanza already in the file, where it applies only to that stanza's hosts; if the file has such stanzas, put 'UseRoaming no' at the top instead, or in a 'Host *' block. Users can also set it in their own ~/.ssh/config. To verify, connect with 'ssh -v': a client that still has roaming enabled prints 'Roaming not allowed by server' during the connection, a client with roaming disabled does not.
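The steps above, as an added example that is not from the original post: a POSIX shell script that disables roaming in an ssh_config file idempotently and places the directive before any Host or Match stanza, so that it applies to every host. The file path is whatever you pass in; /etc/ssh/ssh_config as the system-wide client config is an assumption about your distribution.

```shell
#!/bin/sh
# Added example: disable OpenSSH client roaming in an ssh_config file.
# ssh keeps the FIRST value it reads for an option, and a bare directive
# after a "Host"/"Match" line belongs to that stanza, so the directive
# must come before any stanza to cover every host.

# Returns 0 if CONFIG already has "UseRoaming no" before any Host/Match
# stanza (so it applies globally), 1 otherwise or if the file is missing.
roaming_disabled_globally() {
    config=$1
    [ -f "$config" ] || return 1
    awk '
        {
            line = $0
            sub(/#.*/, "", line)            # drop comments
            sub(/^[ \t]+/, "", line)        # drop leading blanks
            n = split(line, f, /[ \t=]+/)   # "Key value" or "Key=value"
            if (n == 0 || f[1] == "") next  # blank line
            key = tolower(f[1])
            # A stanza header before any UseRoaming line: nothing global.
            if (key == "host" || key == "match") exit
            if (key == "useroaming") { ok = (tolower(f[2]) == "no"); exit }
        }
        END { exit ok ? 0 : 1 }
    ' "$config"
}

# Prepends "UseRoaming no" to CONFIG unless roaming is already disabled
# globally. Creates the file if it does not exist. Writing through
# "cat >" keeps the existing file owner and mode.
disable_roaming() {
    config=$1
    if roaming_disabled_globally "$config"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    printf 'UseRoaming no\n' > "$tmp"
    if [ -f "$config" ]; then
        cat "$config" >> "$tmp"
    fi
    cat "$tmp" > "$config"
    rm -f "$tmp"
}

# Usage: sh disable_roaming.sh /etc/ssh/ssh_config
# (as root for the system-wide client config; assumed path)
if [ -n "${1:-}" ]; then
    disable_roaming "$1"
fi
```

Run it once per client machine; rerunning is safe, since a file that already disables roaming globally is left untouched, and a per-host 'UseRoaming no' buried in a stanza is recognised as insufficient and a global one is added in front of it.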

The vulnerable code is in the OpenSSH client, versions 5.4 through 7.1, on every platform, not only CentOS 7. The configuration change above is a workaround; the permanent fix is the updated openssh package, which disables the roaming code (upstream OpenSSH 7.1p2, or your distribution's backported update). On CentOS 7 install it with yum:

# yum update openssh

For more information, read the official bug report in the Red Hat Bugzilla.

#KTCHost – A Reliable Hosting Provider
