What could 'Roaming not allowed by server' of ssh client mean?

Solution 1:

It's not really an error message. It's just a debug message telling you that the server doesn't accept roaming connections.

Roaming is apparently an experimental feature added to OpenSSH back in 2009 or so. The purpose of the feature is to let an ssh client disconnect from a server session and then resume the session from another location. See here for some discussion about it. Googling ssh, roaming, and "Martin Forssén" will turn up other pages. It doesn't look like it's being actively developed. I suspect the SSH developers never documented it because it's experimental and perhaps not finished.

From inspecting the OpenSSH source code, there's an undocumented client-side option UseRoaming which can be set to yes or no. Adding the line "UseRoaming no" to your client configuration (normally your .ssh/config file) ought to suppress the debug message.

It wasn't obvious to me why the server-side HostbasedAuthentication setting would control whether the server accepts roaming connections or not.

Update: The client roaming support is apparently the subject of a computer vulnerability exposure report, CVE-2016-0777. OpenSSH versions 5.4 through 7.1p1 are vulnerable. Users should upgrade to OpenSSH 7.1p2 or later. Users who cannot upgrade should disable roaming in the client by adding "UseRoaming no" to their ssh client configuration. See the following:

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
  • https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
  • http://undeadly.org/cgi?action=article&sid=20160114142733
  • https://forums.freebsd.org/threads/openssh-client-bug-cve-2016-0777.54736/

Solution 2:

The changelog from openssh 5.3 on CentOS6 has a note:

2009/06/27
     Add client option UseRoaming. It doesn't do anything yet but will
     control whether the client tries to use roaming if enabled on the
     server. From Martin Forssen.

Solution 3:

@ILMostro_7 chmod 600 authorized_keys worked fine for me.

For the benefit of anyone else who arrives here by googling "Roaming not allowed by server", and is using a Linux (Ubuntu) client, you might fix that warning and then see:-

Agent admitted failure to sign using the key

The cure for that is given at https://help.github.com/articles/error-agent-admitted-failure-to-sign/

    # start the ssh-agent in the background
    $ eval "$(ssh-agent -s)"
    # Agent pid 59566 (displays process id)
    $ ssh-add
    # Enter passphrase for /home/you/.ssh/id_rsa: [tippy tap]
    # Identity added: /home/you/.ssh/id_rsa (/home/you/.ssh/id_rsa)

'#' = comment. you = your-username. [tippy tap] = humo[u]r? = press the Enter key.

I hope that helps somebody as much as this Q&A already helped me.