diff --git a/.mikaela/ssh/config b/.mikaela/ssh/config
index 5c4677b4..04c55bb5 100644
--- a/.mikaela/ssh/config
+++ b/.mikaela/ssh/config
@@ -39,6 +39,12 @@ Host *
     # manual).
     UpdateHostKeys yes
 
+    # Add undocumented "UseRoaming no" to ssh_config or use
+    # "-oUseRoaming=no" to prevent upcoming #openssh client bug
+    # CVE-2016-0777. More later.
+    # ~~ https://twitter.com/msfriedl/status/687635945642967040
+    UseRoaming no
+
     # Verify SSHFP records. In case DNSSEC is used this skips the
     # question on whether you trust the fingerprint or not.
     # All my hosts run DNSSEC validating Unbound on localhost and use it
diff --git a/etc/ssh/ssh_config b/etc/ssh/ssh_config
index bf14a7ae..71e06386 100644
--- a/etc/ssh/ssh_config
+++ b/etc/ssh/ssh_config
@@ -40,6 +40,12 @@ Host *
     # manual)
     UpdateHostKeys yes
 
+    # Add undocumented "UseRoaming no" to ssh_config or use
+    # "-oUseRoaming=no" to prevent upcoming #openssh client bug
+    # CVE-2016-0777. More later.
+    # ~~ https://twitter.com/msfriedl/status/687635945642967040
+    UseRoaming no
+
     # Verify SSHFP records. In case DNSSEC is used this skips the
     # question on whether you trust the fingerprint or not.
     # All my hosts run DNSSEC validating Unbound on localhost and use it