From 7da166afb824e00be2819267b7ffc3537754c680 Mon Sep 17 00:00:00 2001
From: Michael Merideth <mike@victorops.com>
Date: Thu, 14 Jan 2016 14:28:39 -0700
Subject: [PATCH] mitigate client bugs CVE-2016-0777 and CVE-2016-0778

---
 manifests/init.pp        | 1 +
 templates/ssh_config.erb | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/manifests/init.pp b/manifests/init.pp
index b06219f..9381d6f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -22,6 +22,7 @@ class ssh (
   $ssh_config_sendenv_xmodifiers       = false,
   $ssh_config_ciphers                  = undef,
   $ssh_config_macs                     = undef,
+  $ssh_config_use_roaming              = 'no',
   $ssh_config_template                 = 'ssh/ssh_config.erb',
   $ssh_sendenv                         = 'USE_DEFAULTS',
   $ssh_gssapiauthentication            = 'yes',
diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb
index cb8a086..61959ef 100644
--- a/templates/ssh_config.erb
+++ b/templates/ssh_config.erb
@@ -72,6 +72,9 @@ GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
 <% if @ssh_config_forward_x11 != nil -%>
   ForwardX11 <%= @ssh_config_forward_x11 %>
 <% end -%>
+<% if @ssh_config_use_roaming != nil -%>
+  UseRoaming <%= @ssh_config_use_roaming %>
+<% end -%>
 <% if @ssh_config_server_alive_interval != nil -%>
   ServerAliveInterval <%= @ssh_config_server_alive_interval %>
 <% end -%>