Bug 2346

Summary: sshd -T doesn't write all configuration options in valid format
Product: Portable OpenSSH
Reporter: Jakub Jelen <jjelen>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: enhancement
CC: dtucker
Priority: P5
Version: 6.7p1
Hardware: Other
OS: Linux
Bug Depends on:
Bug Blocks: 2360
Attachments:
 * proposed patch (flags: none)
 * proposed git patch (flags: none)

Description Jakub Jelen 2015-01-30 23:52:11 AEDT
Created attachment 2541 [details]
proposed patch

While walking through the output of sshd -T in different versions of OpenSSH in our distributions, I came across some problems that are also applicable to upstream, so I took the time to report them here.

Found issues:
 * UsePAM option is written in integer format, instead of yes/no format
 * StreamLocalBindMask is not written
 * AllowAgentForwarding is not written
 * VersionAddendum is written even without a value, which makes it an invalid option when using the output again as input sshd_config
 * AuthenticationMethods is written even if it is empty, which causes the same problem as the previous option

These issues can be resolved using the attached patch. Comments are welcome.



Also, released versions 6.6 and 6.7 are missing this commit, which could be helpful for others looking for inconsistencies in this output:
https://anongit.mindrot.org/openssh.git/commit/?id=57d378ec9278ba417a726f615daad67d157de666
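
A way to spot the problems listed in the description in a saved `sshd -T` dump, as an added example that is not part of the original report or of OpenSSH. The function name `lint_sshd_dump` and both sample dumps are constructed for illustration; it assumes the dump has one keyword per line followed by its value, and it cannot detect a value printed under the wrong keyword.

```python
# Added example (not OpenSSH code): lint a saved `sshd -T` dump for the
# kinds of problems this report lists, before reusing it as sshd_config.

# Options the report says must be printed as yes/no rather than an integer.
YES_NO_KEYWORDS = {"usepam"}
# Options the report says were not written at all.
EXPECTED_KEYWORDS = {"streamlocalbindmask", "allowagentforwarding"}


def lint_sshd_dump(text):
    """Return (line_no, keyword, problem) tuples; line_no 0 means 'absent'."""
    findings = []
    seen = set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.add(keyword)
        if not value:
            # A bare keyword is rejected when the dump is read back as config.
            findings.append((line_no, keyword, "no value"))
        elif keyword in YES_NO_KEYWORDS and value.lower() not in ("yes", "no"):
            findings.append((line_no, keyword, "not yes/no"))
    for keyword in sorted(EXPECTED_KEYWORDS - seen):
        findings.append((0, keyword, "missing"))
    return findings


# Constructed sample showing the reported symptoms (not real sshd output).
SAMPLE_DUMP = """\
port 22
usepam 1
versionaddendum
authenticationmethods
hostkey /etc/ssh/ssh_host_rsa_key
"""

# Constructed sample of a dump without those symptoms.
FIXED_DUMP = """\
port 22
usepam yes
streamlocalbindmask 0177
allowagentforwarding yes
"""

if __name__ == "__main__":
    for finding in lint_sshd_dump(SAMPLE_DUMP):
        print(finding)
```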
Comment 1 Jakub Jelen 2015-01-31 00:17:07 AEDT
Created attachment 2542 [details]
proposed git patch

Sorry, one more thing to make it complete:
 * HostCertificate is written with the wrong name: HostKey

Can be resolved by adding:
@@ -2185,7 +2185,7 @@ dump_config(ServerOptions *o)
            o->authorized_keys_files);
        dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
             o->host_key_files);
-       dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
+       dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
             o->host_cert_files);
        dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
        dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
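Review bot: nothing here guards against the same copy-paste slip recurring; the changed call at the `+` line now pairs sHostCertificate with o->num_host_cert_files and o->host_cert_files, which is consistent, but each keyword in dump_config() is still matched to its array by hand. A regression test that feeds the output of sshd -T back in as a configuration file and compares the two dumps would catch a mislabelled keyword like this one. The hunk as posted also has no ---/+++ file header, so it will not apply on its own; the attached git patch is the version to review and merge.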
Comment 2 Darren Tucker 2015-04-17 11:13:50 AEST
Thanks.  Committed the UsePAM change to portable and I'm looking at the remainder for OpenBSD now.
Comment 3 Darren Tucker 2015-04-17 14:13:09 AEST
OK, the remainder of the patch has been applied and will be in the 6.9 release.  Thanks!
Comment 4 Damien Miller 2016-08-02 10:41:16 AEST
Close all resolved bugs after 7.3p1 release