Disable experimental client-side roaming support. Server side was
disabled/gutted for years already, but this aspect was surprisingly
forgotten. openssh lists this bug as CVE-2016-0777
It is described in:
http://undeadly.org/cgi?action=article&sid=20160114142733
Fixed the issue as ssh.exe was trapping if config file was in the user's
home directory. User ssh client "config" file can be given by locating
it in the user's home directory/.ssh/config . Typically it is
/users/johndoe/.ssh/config
The original code had host file entries pointing to static memory. This
memory is freed in tilde_expand_paths. Better to xstrdup like the
original openssh code did.
Will fix problems like new hosts to be added to known_hosts file which
was failing when .ssh directory did not exist. Also default user's
public keys like id_rsa pairs are picked up properly from the user's
homdir/.ssh base.
manojampalam
quamrulmina
dkulwin
arif-pragmasys