I'm failing to connect to an SSH server instance and the verbose output contains debug1: Roaming not allowed by server. The following predictable and there avoidable problems arise:
- Roaming means to access services from different types of networks. I can't figure out what it could mean in the context of the verbose output of a
ssh6.6.1 client running on Ubuntu 14.04. - It is not clear whether this is an error or not and if it is whether it is causing the failure of the login or not (I don't want to dive into the connection failure here, though; none of the output message of
sshdoes BTW -> more problems and time waisting - you have been warned!) - I queried
site:www.openssh.org roamingin google with empty result and manpages don't contain the term. It is nonsense to use it even if it was documented because of its ambiguity!
What could the message mean? How could I use it to debug the large set of other highly ambiguous, unintuitive and unhelpful error and other messages of SSH?
Answer
It's not really an error message. It's just a debug message telling you that the server doesn't accept roaming connections.
Roaming is apparently an experimental feature added to OpenSSH back in 2009 or so. The purpose of the feature is to let an ssh client disconnect from a server session and then resume the session from another location. See here for some discussion about it. Googling ssh, roaming, and "Martin Forssén" will turn up other pages. It doesn't look like it's being actively developed. I suspect the SSH developers never documented it because it's experimental and perhaps not finished.
From inspecting the OpenSSH source code, there's an undocumented client-side option UseRoaming which can be set to yes or no. Adding the line "UseRoaming no" to your client configuration (normally your .ssh/config file) ought to suppress the debug message.
It wasn't obvious to me why the server-side HostbasedAuthentication setting would control whether the server accepts roaming connections or not.
Update: The client roaming support is apparently the subject of a computer vulnerability exposure report, CVE-2016-0777. OpenSSH versions 5.4 through 7.1p1 are vulnerable. Users should upgrade to OpenSSH 7.1p2 or later. Users who cannot upgrade should disable roaming in the client by adding "UseRoaming no" to their ssh client configuration. See the following:
No comments:
Post a Comment