That's true. This is really just a good way to harvest private keys, then turn around and use them to remote in to other boxes and compromise those. Probably not the most practical attack ever, but still definitely worth hotfixing.
On 01/14/2016 03:09 PM, Kent Perrier wrote: > As I understand it, you have to logging into a compromised server for your > keys to be copied. I could be wrong, but that is how I understand the issue. > > Kent > > On Thu, Jan 14, 2016 at 3:04 PM, _NSAKEY <[email protected]> wrote: > >> This affects every OpenSSH version going back to 5.4 in 2010. If you use >> one of the affected versions, set "UseRoaming no" in your client's >> ssh_config until you can patch. The roaming code was ripped from the server >> portion of OpenSSH years ago, but it was left in the client code for all >> these years and was never documented. Here's some reading material which >> explains the bug in more detail: >> >> http://undeadly.org/cgi?action=article&sid=20160114142733 >> >> Here's the analysis from Qualys, who reported the bug: >> https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
