Summary ======= A critical client side SSH vulnerability has been discovered and a patched upstream version is released as 7.1p2. We strongly advise to use the following workaround until the upcoming release is rolled out in Arch Linux. This vulnerability is being tracked as CVE-2016-0777. Workaround ========== Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no" work around the issue. References ========== https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034680.htm... https://www.marc.info/?l=openbsd-tech&m=145278077820529 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777