This is the most serious bug you’ll hear about this week: The issue dubbed CVE-2016-0777 has been identified and fixed in #OpenSSH.
Affects all #OpenSSH 5.4 – 7.1: Apply the workaround and wait for an upcoming release.
# echo 'UseRoaming no' >> /etc/ssh/ssh_config
The information leak is exploitable in the default configuration of certain versions of the OpenSSH client and could (depending on the client’s version, compiler, and operating system) allow a malicious #SSH server to steal the client’s private keys.
More information: http://s.ibscc.net/ity9A