forcibly disable roaming support in the client
ssh client security bug fix from
http://www.openssh.com/txt/release-7.1p2
openssh client is installed in gce instances.
although it's private key is not that much sensitive
it's better to land this security patch than not.
reported initially as cve-2016-0777 and cve-2016-0778
(January 14th, 2016)
BUG: 26587626
Change-Id: I113d576a3522ded8cb0f4a2e117999b0c51d4364
diff --git a/readconf.c b/readconf.c
index 42a2961..ebbf219 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1660,7 +1660,7 @@
options->tun_remote = -1;
options->local_command = NULL;
options->permit_local_command = -1;
- options->use_roaming = -1;
+ options->use_roaming = 0;
options->visual_host_key = -1;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
@@ -1835,8 +1835,7 @@
options->tun_remote = SSH_TUNID_ANY;
if (options->permit_local_command == -1)
options->permit_local_command = 0;
- if (options->use_roaming == -1)
- options->use_roaming = 1;
+ options->use_roaming = 0;
if (options->visual_host_key == -1)
options->visual_host_key = 0;
if (options->ip_qos_interactive == -1)
diff --git a/ssh.c b/ssh.c
index 0ad82f0..7385462 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1929,9 +1929,6 @@
fork_postauth();
}
- if (options.use_roaming)
- request_roaming();
-
return client_loop(tty_flag, tty_flag ?
options.escape_char : SSH_ESCAPECHAR_NONE, id);
}
