On Thursday, October 28 2021, Leroy Tennison wrote:

> Sergio,
> Thanks for your reply, I was afraid of that. Any suggestion on how we deal
> with this?

Well, according to this post from one of OpenSSH's developers:

  https://marc.info/?l=openbsd-misc&m=145278077920530&w=2

You can add the (undocumented) "UseRoaming no" option to your /etc/ssh/ssh_config (or ~/.ssh/config), or use the "-oUseRoaming=no" option when invoking ssh. Note that these two things have to be done on the client's side.

Another option may be using only key-based authentication (i.e., disabling password-based auth), but I'm not entirely sure if that can really mitigate this CVE (at least I couldn't find anyone suggesting this approach). I'd suggest contacting the OpenSSH developers and confirming with them.

Thanks,

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
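
An added example, not part of the original message or of OpenSSH: ssh_config uses the first value it obtains for each option, so a "UseRoaming no" line only takes effect for a host if no earlier matching block already set it. The Python check below reports the value that would apply to a given host. The function names, host names and config text are constructed for illustration; Match criteria other than "all" are not evaluated and Include files are not followed.

```python
import fnmatch
import re

def _host_matches(host, patterns):
    """Host line semantics: a negated match vetoes, one positive match is required."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_use_roaming(config_text, host):
    """Return the first UseRoaming value that applies to host, or None if unset."""
    applies = True  # options before any Host/Match line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # keyword and argument are separated by whitespace or a single '='
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            applies = _host_matches(host, value.split())
        elif keyword == "match":
            applies = value.lower() == "all"  # other Match criteria are skipped
        elif keyword == "useroaming" and applies:
            return value.strip('"').lower()   # first obtained value wins
    return None

def roaming_disabled(config_text, host):
    return effective_use_roaming(config_text, host) == "no"

# Constructed sample configs
SAFE = "UseRoaming no\nHost *.example.com\n    User deploy\n"
SHADOWED = ("Host bastion.example.com\n    UseRoaming yes\n"
            "Host *\n    UseRoaming no\n")

if __name__ == "__main__":
    for name, cfg in (("SAFE", SAFE), ("SHADOWED", SHADOWED)):
        for h in ("bastion.example.com", "web.example.org"):
            print(name, h, effective_use_roaming(cfg, h))
```

A result of None means the file leaves the client's built-in default in place for that host, so the option still needs to be added.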
