diff --git a/defaults/main.yml b/defaults/main.yml
index 9e997c780..a95a53670 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -74,3 +74,6 @@ sftp_enabled: false
 # change default sftp chroot location
 sftp_chroot_dir: /home/%u
+
+# enable experimental client roaming
+ssh_client_roaming: false
diff --git a/templates/openssh.conf.j2 b/templates/openssh.conf.j2
index 1933cf2dd..0a283ee57 100644
--- a/templates/openssh.conf.j2
+++ b/templates/openssh.conf.j2
@@ -145,3 +145,6 @@ Compression yes
 #EscapeChar ~
 #VisualHostKey yes
+
+# Disable experimental client roaming. This is known to cause potential issues with secrets being disclosed to malicious servers and defaults to being disabled.
+UseRoaming {{ 'yes' if ssh_client_roaming else 'no' }}
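Review bot: The comment on `ssh_client_roaming` does not say what turning it on costs, even though the template's own comment describes roaming as able to disclose secrets to malicious servers. I would state that at the default, for example `# true renders "UseRoaming yes" in the client config; roaming can disclose secrets to a malicious server, keep false unless required`. Since this is a hardening role, it is also worth considering whether the toggle should exist at all rather than always rendering `UseRoaming no`.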
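Review bot: The `UseRoaming` line tests `ssh_client_roaming` by plain Jinja truthiness, so a non-empty string such as `"false"` or `"no"` (what a key=value extra var on the command line supplies) is truthy and renders `UseRoaming yes`, failing open on the very setting the comment warns about. Coerce the value first: `UseRoaming {{ 'yes' if ssh_client_roaming | bool else 'no' }}`. The comment above says "Disable" while the line is conditional; `# Client roaming can disclose secrets to a malicious server; enabled only when ssh_client_roaming is true.` would match the behaviour. The hunk does not show whether a `Host` block is open at this point in the template, so confirm the option lands where it applies to every host.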