Last active
January 21, 2016 21:06
Save Chalcahuite/986736b35d232033dd66 to your computer and use it in GitHub Desktop.
#!/bin/bash
# Reports whether OpenSSH client-side roaming is still enabled, wrapped in <result> tags.
# osVersion is the minor OS version (the "11" in 10.11). From El Capitan on,
# ssh_config lives in /private/etc/ssh/ instead of /private/etc/.
osVersion=$(sw_vers -productVersion | awk -F\. '{print $2}')
if [[ ${osVersion} -ge 11 ]]; then
    # Exit status 1 from the last grep means no uncommented line mentions Roaming.
    if [[ $(cat /private/etc/ssh/ssh_config | grep -v ^# | grep Roaming >/dev/null; echo $?) -eq 1 ]]; then
        echo "<result>Enabled</result>"
    else
        echo "<result>Disabled</result>"
    fi
else
    if [[ $(cat /private/etc/ssh_config | grep -v ^# | grep Roaming >/dev/null; echo $?) -eq 1 ]]; then
        echo "<result>Enabled</result>"
    else
        echo "<result>Disabled</result>"
    fi
fi
#!/bin/bash
# OpenSSHfix.sh
# Script to mitigate vulnerability in OpenSSH on Macs. See CVE-2016-0777 and CVE-2016-0778.
# Thanks to Robert Hammen on the MacAdmins #security channel for paths and commands to set roaming off.
# Tested on Mavericks, Yosemite and El Capitan.
# Appends to the system-wide ssh_config, so it must run as root.
osVersion=$(sw_vers -productVersion | awk -F\. '{print $2}')
if [[ ${osVersion} -ge 11 ]]; then
    # Exit status 1 from the last grep means no uncommented line mentions Roaming.
    if [[ $(cat /private/etc/ssh/ssh_config | grep -v ^# | grep Roaming >/dev/null; echo $?) -eq 1 ]]; then
        echo "Disabling client-side roaming."
        echo -e 'Host *\nUseRoaming no' >> /private/etc/ssh/ssh_config
    else
        echo "Client-side roaming disabled. No changes necessary."
    fi
else
    if [[ $(cat /private/etc/ssh_config | grep -v ^# | grep Roaming >/dev/null; echo $?) -eq 1 ]]; then
        echo "Disabling client-side roaming."
        echo -e 'Host *\nUseRoaming no' >> /private/etc/ssh_config
    else
        echo "Client-side roaming disabled. No changes necessary."
    fi
fi
exit 0
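
A stricter form of the check both scripts share, as an added example that is not part of the gist: it reads the value of the directive instead of grepping for the word "Roaming", and only counts a setting that applies to every host. The function name `roaming_state` and the sample file are constructed for illustration; it assumes that a file with no applicable directive leaves roaming at the client default of on, as on the OpenSSH versions the two CVEs cover.

```bash
#!/bin/bash
# Added example, not the gist author's code.
# Prints "Disabled" only if the first UseRoaming directive that applies to all
# hosts is set to "no"; otherwise prints "Enabled".
roaming_state() {
    # $1: path to an ssh_config-style file
    awk '
        BEGIN { global = 1; state = "Enabled" }  # assumption: default is roaming on
        {
            sub(/^[ \t]+/, "")                   # keywords may be indented
            if ($0 == "" || $0 ~ /^#/) next      # blank line or comment
            gsub(/"/, "")                        # values may be quoted
            sub(/[ \t]*=[ \t]*/, " ")            # "Keyword=value" is also valid
            key = tolower($1)                    # keywords are case-insensitive
            if (key == "host" || key == "match") {
                # only "Host *" or "Match all" covers every connection
                global = (NF == 2 && ($2 == "*" || (key == "match" && tolower($2) == "all")))
                next
            }
            if (key == "useroaming" && global) {
                if (tolower($2) == "no") state = "Disabled"
                exit                             # ssh keeps the first value it obtains
            }
        }
        END { print state }
    ' "$1"
}

# Constructed sample: this file mentions Roaming on an uncommented line,
# so a plain grep treats it as mitigated, yet roaming is still on.
sample=$(mktemp)
printf 'Host *\n  UseRoaming yes\n' > "$sample"
echo "<result>$(roaming_state "$sample")</result>"
rm -f "$sample"
```
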
Made suggested change. Thanks bmike.
I would probably add a
| grep -v ^#
before the | grep Roaming
lines to make sure I'm finding a Roaming line that isn't commented out.

Big thanks for posting this and doing the hard work / here and on the Slack channel!