这个页面更新了一条信息:
January 14, 2016
OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user’s private keys. This may be mitigated by adding the undocumented config option UseRoaming no to ssh_config.
好像就是一个没写好的、没有文档的功能出现了bug, 可能导致信息泄露给坏蛋服务器。
有待仔细研究。
发表评论