Skip to content
This repository was archived by the owner on Dec 26, 2020. It is now read-only.

Commit 200bff0

Browse files
chris-rockchris-rock
committed
Merge pull request #49 from hardening-io/disable_client_roaming
Disable experimental client roaming.
2 parents 7de0d13 + bf76e1d commit 200bff0

File tree

2 files changed

+6
-0
lines changed

2 files changed

+6
-0
lines changed

defaults/main.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,3 +74,6 @@ sftp_enabled: false
7474

7575
# change default sftp chroot location
7676
sftp_chroot_dir: /home/%u
77+
78+
# enable experimental client roaming
79+
ssh_client_roaming: false

templates/openssh.conf.j2

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,3 +145,6 @@ Compression yes
145145

146146
#EscapeChar ~
147147
#VisualHostKey yes
148+
149+
# Disable experimental client roaming. This is known to cause potential issues with secrets being disclosed to malicious servers and defaults to being disabled.
150+
UseRoaming {{ 'yes' if ssh_client_roaming else 'no' }}

0 commit comments

Comments
 (0)