OpenSSH Client Vunerability

Following the announcement of a vulnerability in the OpenSSH client we recommend that users who are using OpenSSH apply the fix described below on systems that they use to access ARCHER.

Only OpenSSH versions more recent than 5.4 are affected.

How do I know if I am affected?

Most Linux and Mac OSX users will be using OpenSSH and so should follow the procedures below.

You can check if your version of SSH is more recent than 5.4 with the command "ssh -V", e.g.:

bash:~$ ssh -V
OpenSSH_6.9p1, LibreSSL 2.1.8

If the version number (6.9 in the case above) is more recent than 5.4 you will need to make the change described below.

Windows users who use PuTTY are unaffected. Windows users who use MobaXTerm or an OpenSSH client (e.g. via Cygwin) should add the configuration line below to their local SSH configuration file.

Fix for Mac OSX, Linux and Windows OpenSSH Users

Add the following lines to the top of your local SSH configuration file:

Host *
   UseRoaming no

For Linux and Mac users, the file is usually located at ~/.ssh/config.

Note: you will need to do this on all systems (and user accounts) that you use to access ARCHER.

The vulnerability will be fixed in future releases of the OpenSSH software for all platforms so please update this software as soon as the opportunity becomes available on your system.

If you have any questions, please contact the ARCHER Helpdesk.