This issue does not affect the version OpenSSH as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue affects the version of OpenSSH as shipped with Red Hat Enterprise Linux 7 in a non-default configuration. For more information please refer to https://access.redhat.com/articles/2123781
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
|Red Hat Enterprise Linux 7 (openssh)||RHSA-2016:0043||2016-01-14|
Affected Packages State
|Red Hat Enterprise Linux 6||openssh||Not affected|
|Red Hat Enterprise Linux 5||openssh||Not affected|
|Red Hat Enterprise Linux 4||openssh||Not affected|
AcknowledgementsRed Hat would like to thank Qualys for reporting this issue.
1. The vulnerable roaming code can be permanently disabled by adding the
undocumented option "UseRoaming no" to the system-wide configuration
file (usually /etc/ssh/ssh_config), or per-user configuration file
(~/.ssh/config), or command-line (-o "UseRoaming no").
2. If an OpenSSH client is disconnected from an SSH server that offers
roaming, it prints "[connection suspended, press return to resume]" on
stderr, and waits for '\n' or '\r' on stdin (and not on the controlling
terminal) before it reconnects to the server; advanced users may become
suspicious and press Control-C or Control-Z instead, thus avoiding the
However, SSH commands that use the local stdin to transfer data to the
remote server are bound to trigger this reconnection automatically (upon
reading a '\n' or '\r' from stdin). Moreover, these non-interactive SSH
commands (for example, backup scripts and cron jobs) commonly employ
public-key authentication and are therefore perfect targets for this