BSDSec

deadsimple BSD Security Advisories and Announcements

ssh roaming

15 January, 2016 by tedu@tedunangst.com | openbsd 

Qualys Security identified vulnerabilities in the ssh client roaming feature.
In the default configuration, this could potentially leak client keys to a
hostile server.

https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt

There are patches to disable the roaming feature, and it has been removed from
the source tree.