A critical flaw has been identified in the OpenSSH CLIENT that could lead to serious security implications.
How to fix?
Add the option 'UseRoaming no' to your /etc/ssh/ssh_config file, or start your ssh client with -oUseRoaming=no included on the ssh command line.
i.e., echo 'UseRoaming no' >> /etc/ssh/ssh_config
sudo sh -c 'echo UseRoaming \"no\" >> /etc/ssh/ssh_config'
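The append commands above put the line at the end of the file, where it belongs to the last Host block if the file has one. The following sh function is an added example, not from the original page: it places the setting at the top of the file and does nothing if it is already in effect globally. The name ensure_useroaming_no is hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): make "UseRoaming no" the
# effective global setting in an OpenSSH client config file, idempotently.
# ensure_useroaming_no is a hypothetical helper name.
ensure_useroaming_no() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }

    # First UseRoaming value in the global section, i.e. before any
    # Host/Match block. Handles "UseRoaming no", "UseRoaming=no" and
    # the quoted form UseRoaming "no"; keywords are case-insensitive.
    first=$(awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        line ~ /^(host|match)[ \t=]/ { exit }
        line ~ /^useroaming[ \t=]/ { split(line, f, /[ \t="]+/); print f[2]; exit }
    ' "$cfg")

    if [ "$first" = "no" ]; then
        return 0            # already disabled globally; leave file untouched
    fi

    # ssh uses the first value it obtains for each option, so the line goes
    # at the top: it then applies to every host and wins over later entries.
    tmp=$(mktemp) || return 1
    { echo 'UseRoaming no'; cat "$cfg"; } > "$tmp" &&
        cat "$tmp" > "$cfg"     # rewrite in place to keep owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample config: the only setting sits inside a Host block,
# so it does not apply to other hosts.
demo=$(mktemp)
printf 'Host example\n    UseRoaming no\nHost *\n    ForwardAgent no\n' > "$demo"
ensure_useroaming_no "$demo" && cat "$demo"
rm -f "$demo"
```

Per-user ~/.ssh/config files and command-line options are read before the system-wide file, so they still take precedence over this setting.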
It is being reported that it affects only CentOS 7 servers, and they can update OpenSSH using yum.
# yum update openssh